Bug#991328: marked as done (nginx: CVE-2021-3618)

Mon, 09 May 2022 09:21:18 -0700 

Your message dated Mon, 09 May 2022 16:19:46 +0000
with message-id <[email protected]>
and subject line Bug#991328: fixed in nginx 1.20.2-2
has caused the Debian Bug report #991328,
regarding nginx: CVE-2021-3618
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
991328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: nginx
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,
https://alpaca-attack.com/ affects Nginx, the patch is at
http://hg.nginx.org/nginx/rev/ec1071830799

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3618
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message --- 
Source: nginx
Source-Version: 1.20.2-2
Done: Thomas Ward <[email protected]>

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Ward <[email protected]> (supplier of updated nginx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 04 May 2022 16:04:59 -0400
Source: nginx
Architecture: source
Version: 1.20.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers 
<[email protected]>
Changed-By: Thomas Ward <[email protected]>
Closes: 991328
Changes:
 nginx (1.20.2-2) unstable; urgency=medium
 .
   [ Thomas Ward ]
   * d/patches/CVE-2021-3618.patch: Include upstream changeset from NGINX
     that adds mitigations into the Mail module for CVE-2021-3618.patch.
     (Closes: #991328)
 .
   [ Jan Mojžíš ]
   * d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch update,
     fixes build on hurd-i386 platform
Checksums-Sha1:
 a54ccd6b80bb04e4731aa1605b19da65dbc6a28c 4914 nginx_1.20.2-2.dsc
 59888fdeb78eec4979a8df89a80b43ee84b73eb7 1062124 nginx_1.20.2.orig.tar.gz
 6c318ed9877990d3d21a9a3e454faab3debd9322 455 nginx_1.20.2.orig.tar.gz.asc
 0b9e2cf86ff9202f2ec9e30916f968f782c23667 1073604 nginx_1.20.2-2.debian.tar.xz
 0e9e1ef3a93fc73e5bd2bf9c3acdd1d493446bdb 7875 nginx_1.20.2-2_source.buildinfo
Checksums-Sha256:
 b55d19659960b4bae49f35dc4259c45ebae24ce1e7792b522a38d9f6d52dfc7a 4914 
nginx_1.20.2-2.dsc
 958876757782190a1653e14dc26dfc7ba263de310e04c113e11e97d1bef45a42 1062124 
nginx_1.20.2.orig.tar.gz
 1a3865635c1dea1b16d3b60371be09798cb0a1dc5ca6aa680c66f81df5fc8673 455 
nginx_1.20.2.orig.tar.gz.asc
 e5574a4672ea6f5f781be4d0e24256faed6dc3fef17959bf1cecf6495b4d5e71 1073604 
nginx_1.20.2-2.debian.tar.xz
 c84e443ae0732cfafde0183c8815ff5a1be99d1f4232a407b0b9c5f94bd081a9 7875 
nginx_1.20.2-2_source.buildinfo
Files:
 62e9b021a67a235b01a450b239690d11 4914 httpd optional nginx_1.20.2-2.dsc
 3bcc5ccdc052c35d0d3c5557cf56c7d2 1062124 httpd optional 
nginx_1.20.2.orig.tar.gz
 8cf5bfb6d5c86d572e75f37bbe5e8e65 455 httpd optional 
nginx_1.20.2.orig.tar.gz.asc
 c7d5a0974b8cd0ae1c297d7d5a1fbef5 1073604 httpd optional 
nginx_1.20.2-2.debian.tar.xz
 e826028a4c223ee4a193f8003a28ad09 7875 httpd optional 
nginx_1.20.2-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEV5L2YWTQV+/G0G+vW4rW9MJq3d0FAmJ5Od4ACgkQW4rW9MJq
3d1q7Q//RxmhCZRUz7lVnHvBAt/vZQYcRrii1qRZ7XfWT368mAo9wGvZ4xj/S+9Z
EVyFzNymiVRRYAwzKKMQ1Dk/U6VbkKk130702Kxw1QNDbDTBT4USCy7yjxuFMnHX
jxS8Z55wnovILrEV50JbUGpLSOBnLIdxM4d1Qr/i2v8lFEL3GDlfWMg0QszPKRvC
WT6lF/3IbTemuK/onkAkC839pxm1DSU/u+Uo1xU5TyS16z1ssYA2R2zqr+tWEbLE
Gxqzo3GvSyRG20quBBJ6Sis6CItCuxqGiuaWO3cfmTYhxOao2Hbo1yAiCtnf3i02
E0YSs1+CsVo+exTpZmE89brZQA2pd46/dOql2YcB2gPqUR/Ef8AJYvo1VJgVhGec
htz/CaPjgIHpOaEBQVOwMYm57N1Gi3b4gPmICyJRAdbweHklEoDCEZ7JSeTMZcM5
KyH3z8OFxuvyF+WN1n25OiJQF9HKI79AERjn5btn+TjGXKCJd1PYDdTjYo9wltSH
rswXb/4AzjAlc40DUbz+XbvTW/i5oAXbLZEezUNhtS2N3RcJsBavugZZR7GOmJQl
HwYJUll8xC9e8cl6nYaA4lAMM1fERO2rzeZLVrs1YcEuWCKvSmtPz3QGckgB2WJk
n9H5uYw9+UIhTQdyi0qQ5lHC9wZ0KCpPcAc3ktFmabS3DKnFeMw=
=3wWo
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to