CVE-2013-0337/nginx: clarify status

author: Sylvain Beucler <beuc@beuc.net> 2020-07-11 12:19:25 +0200
committer: Sylvain Beucler <beuc@beuc.net> 2020-07-11 12:19:30 +0200
commit: bd203e295278ef2a0d7bb96b9a4aef4ecb21b2d9 (patch)
tree: 699df09b89cb80f2e6893f808298efd4b2d9777b /data/CVE/2013.list
parent: 80c4385b763796096b4f0e2f6433d2d1136bd6a4 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 458eed11cb..66b78e7e82 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -19121,9 +19121,9 @@ CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier,
 	[jessie] - nginx <ignored> (Minor issue)
 	[wheezy] - nginx <no-dsa> (Minor issue)
 	[squeeze] - nginx <no-dsa> (Minor issue)
-	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376
-	NOTE: resolved upstream.
-	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 fixes.
+	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376 is resolved upstream
+	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 (CVE-2016-1247)
+	NOTE: Post DSA-3701-1, Debian's default configuration is not affected, new log files are
 CVE-2013-0336 (The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ ...)
 	- 389-ds-base 1.3.2.9-1 (bug #704077)
 CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1)  ...)
author	Sylvain Beucler <beuc@beuc.net>	2020-07-11 12:19:25 +0200
committer	Sylvain Beucler <beuc@beuc.net>	2020-07-11 12:19:30 +0200
commit	bd203e295278ef2a0d7bb96b9a4aef4ecb21b2d9 (patch)
tree	699df09b89cb80f2e6893f808298efd4b2d9777b /data/CVE/2013.list
parent	80c4385b763796096b4f0e2f6433d2d1136bd6a4 (diff)