Bug#991328: marked as done (nginx: CVE-2021-3618)

[Debian Bug Tracking System]

Your message dated Sun, 29 May 2022 18:32:09 +0000
with message-id <e1nvnhx-0004or...@fasolo.debian.org>
and subject line Bug#991328: fixed in nginx 1.18.0-6.1+deb11u2
has caused the Debian Bug report #991328,
regarding nginx: CVE-2021-3618
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991328: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nginx
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,
https://alpaca-attack.com/ affects Nginx, the patch is at
http://hg.nginx.org/nginx/rev/ec1071830799

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3618
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

Source: nginx
Source-Version: 1.18.0-6.1+deb11u2
Done: Jan Mojžíš <jan.moj...@gmail.com>

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Mojžíš <jan.moj...@gmail.com> (supplier of updated nginx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 14 May 2022 08:27:08 +0200
Source: nginx
Architecture: source
Version: 1.18.0-6.1+deb11u2
Distribution: bullseye
Urgency: medium
Maintainer: Debian Nginx Maintainers 
<pkg-nginx-maintain...@alioth-lists.debian.net>
Changed-By: Jan Mojžíš <jan.moj...@gmail.com>
Closes: 991328
Changes:
 nginx (1.18.0-6.1+deb11u2) bullseye; urgency=medium
 .
   * d/patches/CVE-2021-3618.patch: Include upstream changeset from NGINX
     that adds mitigations into the Mail module for CVE-2021-3618.patch.
     (Closes: #991328)
Checksums-Sha1:
 450de5d2321892884a27114d1d6761a0a1a7b4c9 4819 nginx_1.18.0-6.1+deb11u2.dsc
 0d9209e34753aae0784e3e90bb5f19bcb6c495ab 1040444 
nginx_1.18.0-6.1+deb11u2.debian.tar.xz
 ab92eb2b1f41869d14141d734d1b66e31987157a 8168 
nginx_1.18.0-6.1+deb11u2_source.buildinfo
Checksums-Sha256:
 eaa27b45b0500663b9032a2590b0396adb31def8a1f216b022a838ab67b38a3f 4819 
nginx_1.18.0-6.1+deb11u2.dsc
 ef1c16b72d894a50b07c65c7fb63b0e85fa2f5e3778fa214a2e5e6d0b9ebc3a0 1040444 
nginx_1.18.0-6.1+deb11u2.debian.tar.xz
 f57510bcd0737176088188d56d4885394a5cfcc856f4cc7d9e55749f04fcf33d 8168 
nginx_1.18.0-6.1+deb11u2_source.buildinfo
Files:
 301db18120fef7607ee93e0d75fe9cab 4819 httpd optional 
nginx_1.18.0-6.1+deb11u2.dsc
 0de2096c2e6be1c0c6583b1ffa8fd508 1040444 httpd optional 
nginx_1.18.0-6.1+deb11u2.debian.tar.xz
 91a9b15493ff7d9bf8e3ef48551133b5 8168 httpd optional 
nginx_1.18.0-6.1+deb11u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCgAzFiEE0Aiwwj2EeeRrn8uQRdpRdJaTn/kFAmKTHzkVHGphbi5tb2p6
aXNAZ21haWwuY29tAAoJEEXaUXSWk5/50coQAMTtihr/oV2Veye8h4kx5QXvHD+R
E0ccg84/lc+xBj8nhYz168gTcWX5ULv5B4cg3pIkN7s6ri59WV+jmLa2kEDRLUFF
sQyawFrr43B4qO6CcSmsb29LUtwKMxJMsfZPW9NBcIj56wxK5nDIAYTTWu4BDe/w
T2OCYnuJWB4iMg7rwf8LlPzPCW1QIJ8WdJNECIAdm/zSxAbJKli4iArGfFjztvV0
Dd1UYare684m09lpqq+t3yAysTFUeSIE0GI93AlqdTBoFkBdWNqcq7FxjnDnt/gA
E5tWrNep3H6LJ+vL+YzlOphlM8vHJXuGlgUo7Pa8f00YX5sP/+jVTwXiurPXUaBS
IMP8+fwmdC3AxIHeMRaq2S7xw24udJfKe4VOl2jOLrVlNdpp8ueogwZi72RBBlrm
NeqOIGqEz48cnDf8xjHIY1vsKA+dcdZYnouMMTEj861T9SPwcyMOnp5t8UtqSuRK
AAFa6mEObESsc0Zxck20RnxW5oA9DQSUxLeeJMuCU60Eob+A1aQQokaZHHm6/LSA
QiUDVYBszxJ+S077V0IfMPAu2BE+MPZhubUEOC18vBt7TsXSWS60ZW7DlxzPHmd6
A0IEIp62STC3uVt8yjAT5E1peHJBRwajVK2mk2cn4OIZ6TAucJCxLTos5Jvs7XPY
73GidIlRwbZB3fYJ
=Ande
-----END PGP SIGNATURE-----

--- End Message ---