Hi Klaus,
1.) Pertaining to Nginx there is no CVE-ID, main concern is,
According to nginx download page, (http://nginx.org/en/download.html) Nginx
1.14.x is no longer supported and will not be getting regular patches. So, if
any security Vulnerabilities arise then system would be at high risk as the
vendor no longer provide updates.
2.) Pertaining to GNOME Evolution , the CVE-ID is CVE-2020-11879 . This ID
isn't present in the links which you've shared.
Thanks,
Revanth.
-----Original Message-----
From: Klaus Singvogel <deb-user...@singvogel.net>
Sent: 15 September 2020 13:32
To: Suryadevara, Revanth <revanth.suryadev...@arcserve.com>
Cc: debian-user@lists.debian.org
Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
Suryadevara, Revanth wrote:
>
> We have a system running on Debian 10 with Nginx v1.14.2, GNOME Evolution
> v3.30.5-1.1 installed along with other packages.
>
[...]
> When can we expect latest versions of Nginx and GNOME Evolution to be
> available in Debian 10 ?
Which security bugs do you think are in the Debian 10 version of Nginx
v1.14.2 or GNOME Evolution v3.30.5-1.1 not fixed?
https://us-east-2.protection.sophos.com?d=debian.org&u=aHR0cHM6Ly9tZXRhZGF0YS5mdHAtbWFzdGVyLmRlYmlhbi5vcmcvY2hhbmdlbG9ncy8vbWFpbi9uL25naW54L25naW54XzEuMTQuMi0yK2RlYjEwdTNfY2hhbmdlbG9n&e=cmV2YW50aC5zdXJ5YWRldmFyYUBhcmNzZXJ2ZS5jb20=&t=V1JzK082WlRla1JMWEFzNjR4WDJvK1gwSHRoQTVkOWtISkFPc084Y0NRdz0=&h=1d129af62b6248948c99efacbb1de4f1
https://us-east-2.protection.sophos.com?d=debian.org&u=aHR0cHM6Ly9tZXRhZGF0YS5mdHAtbWFzdGVyLmRlYmlhbi5vcmcvY2hhbmdlbG9ncy8vbWFpbi9lL2V2b2x1dGlvbi9ldm9sdXRpb25fMy4zMC41LTEuMV9jaGFuZ2Vsb2c=&e=cmV2YW50aC5zdXJ5YWRldmFyYUBhcmNzZXJ2ZS5jb20=&t=eVVUdmdWUGNsVzVrTHp2N0M0cmU0UklHZzl5T0xGN3NtNno3aHRtY25yVT0=&h=1d129af62b6248948c99efacbb1de4f1
Please name us the CVE identifiers, which you believe Debian 10 is affected by.
Thanks in advance.
Best regards,
Klaus.
--
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D 1994-06-27
