Hello,

I have a question regarding the nginx package.

I’ve noticed that there are some known issues with the version of nginx being used in EPEL, which is 1.10 at the moment.

  1. CVE-2017-7529
  2. CVE-2016-4450

Reference: http://nginx.org/en/security_advisories.html

Where can I find the answers to the following questions?

  1. Are these security advisories considered important enough to be fixed by the package maintainer?
  2. Will they be backported from newer upstream versions?
  3. Will the package be bumped to a newer upstream version altogether?
  4. Is there a way I can help with maintaining the nginx package?

Thanks,

David