Your message dated Tue, 26 Jan 2016 18:34:26 +0000
with message-id <[email protected]>
and subject line Bug#812806: fixed in nginx 1.9.10-1
has caused the Debian Bug report #812806,
regarding nginx: resolver CVEs: CVE-2016-0742 CVE-2016-0746 CVE-2016-0747
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
812806: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nginx
Severity: important
Tags: security upstream
Several problems in nginx resolver were identified, which might
allow an attacker to cause worker process crash, or might have
potential other impact:
- Invalid pointer dereference might occur during DNS server response
processing, allowing an attacker who is able to forge UDP
packets from the DNS server to cause worker process crash
(CVE-2016-0742).
- Use-after-free condition might occur during CNAME response
processing. This problem allows an attacker who is able to trigger
name resolution to cause worker process crash, or might
have potential other impact (CVE-2016-0746).
- CNAME resolution was insufficiently limited, allowing an attacker who
is able to trigger arbitrary name resolution to cause excessive resource
consumption in worker processes (CVE-2016-0747).
The problems affect nginx 0.6.18 - 1.9.9 if the "resolver" directive
is used in a configuration file.
The problems are fixed in nginx 1.9.10, 1.8.1.
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
--- End Message ---
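A triage check for the two conditions in the advisory above (an upstream version in the affected range and an active "resolver" directive), as an added example that is not part of the bug report or of nginx itself; the function names and the sample configuration are constructed for illustration. It compares upstream version numbers only, so a distribution package carrying backported fixes will still be flagged.

```python
import re

# From the advisory: affected 0.6.18 - 1.9.9, fixed in 1.8.1 and 1.9.10.
FIRST_AFFECTED = (0, 6, 18)
FIXED_STABLE = (1, 8, 1)
FIXED_MAINLINE = (1, 9, 10)


def parse_version(banner):
    """Extract (major, minor, patch) from `nginx -v` output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version found in {banner!r}")
    return tuple(int(x) for x in m.groups())


def version_affected(version):
    """True if the upstream version falls in the advisory's affected range."""
    if version < FIRST_AFFECTED or version >= FIXED_MAINLINE:
        return False
    # 1.8.1 and later 1.8.x releases carry the fix on the stable branch.
    if version[:2] == (1, 8) and version >= FIXED_STABLE:
        return False
    return True


def resolver_directives(config_text):
    """Return the arguments of every active `resolver` directive."""
    # Drop comments (a '#' inside a quoted string is not handled here).
    stripped = re.sub(r"#[^\n]*", "", config_text)
    # Directives start after ';', '{' or '}'; \s+ excludes resolver_timeout.
    pattern = r"(?:^|[;{}])\s*resolver\s+([^;{}]+);"
    return [" ".join(a.split()) for a in re.findall(pattern, stripped)]


def exposed(banner, config_text):
    """Affected version AND resolver in use: the advisory's two conditions."""
    return version_affected(parse_version(banner)) and bool(
        resolver_directives(config_text))


# Constructed sample input, not taken from the bug report.
SAMPLE_CONF = """
http {
    # resolver 192.0.2.1;
    resolver_timeout 5s;
    server { resolver 192.0.2.53 valid=30s; }
}
"""
```

Pass it the full configuration including included files, for example the dump from `nginx -T` where the binary supports it.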
--- Begin Message ---
Source: nginx
Source-Version: 1.9.10-1
We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christos Trochalakis <[email protected]> (supplier of updated nginx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 26 Jan 2016 20:12:06 +0200
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-full-dbg nginx-light
nginx-light-dbg nginx-extras nginx-extras-dbg
Architecture: source all amd64
Version: 1.9.10-1
Distribution: unstable
Urgency: medium
Maintainer: Kartik Mistry <[email protected]>
Changed-By: Christos Trochalakis <[email protected]>
Description:
nginx - small, powerful, scalable web/proxy server
nginx-common - small, powerful, scalable web/proxy server - common files
nginx-doc - small, powerful, scalable web/proxy server - documentation
nginx-extras - nginx web/proxy server (extended version)
nginx-extras-dbg - nginx web/proxy server (extended version) - debugging
symbols
nginx-full - nginx web/proxy server (standard version)
nginx-full-dbg - nginx web/proxy server (standard version) - debugging symbols
nginx-light - nginx web/proxy server (basic version)
nginx-light-dbg - nginx web/proxy server (basic version) - debugging symbols
Closes: 808699 812806
Changes:
nginx (1.9.10-1) unstable; urgency=medium
.
[ Christos Trochalakis ]
* New upstream release (1.9.10) (Closes: #812806)
* debian/control:
+ Drop python dependency from nginx-common. (Closes: #808699)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---