Hi Klaus, 1.) Pertaining to Nginx there is no CVE-ID, main concern is, According to nginx download page, (http://nginx.org/en/download.html) Nginx 1.14.x is no longer supported and will not be getting regular patches. So, if any security Vulnerabilities arise then system would be at high risk as the vendor no longer provide updates.
2.) Pertaining to GNOME Evolution , the CVE-ID is CVE-2020-11879 . This ID isn't present in the links which you've shared. Thanks, Revanth. -----Original Message----- From: Klaus Singvogel <deb-user...@singvogel.net> Sent: 15 September 2020 13:32 To: Suryadevara, Revanth <revanth.suryadev...@arcserve.com> Cc: debian-user@lists.debian.org Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution Suryadevara, Revanth wrote: > > We have a system running on Debian 10 with Nginx v1.14.2, GNOME Evolution > v3.30.5-1.1 installed along with other packages. > [...] > When can we expect latest versions of Nginx and GNOME Evolution to be > available in Debian 10 ? Which security bugs do you think are in the Debian 10 version of Nginx v1.14.2 or GNOME Evolution v3.30.5-1.1 not fixed? https://us-east-2.protection.sophos.com?d=debian.org&u=aHR0cHM6Ly9tZXRhZGF0YS5mdHAtbWFzdGVyLmRlYmlhbi5vcmcvY2hhbmdlbG9ncy8vbWFpbi9uL25naW54L25naW54XzEuMTQuMi0yK2RlYjEwdTNfY2hhbmdlbG9n&e=cmV2YW50aC5zdXJ5YWRldmFyYUBhcmNzZXJ2ZS5jb20=&t=V1JzK082WlRla1JMWEFzNjR4WDJvK1gwSHRoQTVkOWtISkFPc084Y0NRdz0=&h=1d129af62b6248948c99efacbb1de4f1 https://us-east-2.protection.sophos.com?d=debian.org&u=aHR0cHM6Ly9tZXRhZGF0YS5mdHAtbWFzdGVyLmRlYmlhbi5vcmcvY2hhbmdlbG9ncy8vbWFpbi9lL2V2b2x1dGlvbi9ldm9sdXRpb25fMy4zMC41LTEuMV9jaGFuZ2Vsb2c=&e=cmV2YW50aC5zdXJ5YWRldmFyYUBhcmNzZXJ2ZS5jb20=&t=eVVUdmdWUGNsVzVrTHp2N0M0cmU0UklHZzl5T0xGN3NtNno3aHRtY25yVT0=&h=1d129af62b6248948c99efacbb1de4f1 Please name us the CVE identifiers, which you believe Debian 10 is affected by. Thanks in advance. Best regards, Klaus. -- Klaus Singvogel GnuPG-Key-ID: 1024R/5068792D 1994-06-27