Your message dated Wed, 17 Sep 2014 09:31:31 +0000
with message-id <e1xubaf-0008tk...@franck.debian.org>
and subject line Bug#761940: fixed in nginx 1.6.2-1
has caused the Debian Bug report #761940,
regarding nginx:CVE-2014-3616: possible to reuse cached SSL sessions in 
unrelated contexts
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
761940: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761940
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: nginx
Version: 0.7.67-3
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for nginx.

CVE-2014-3616[0]:
reuse cached SSL sessions in unrelated contexts

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-3616
[1] http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: nginx
Source-Version: 1.6.2-1

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 761...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christos Trochalakis <yati...@ideopolis.gr> (supplier of updated nginx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 17 Sep 2014 11:19:01 +0300
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-full-dbg nginx-light nginx-light-dbg nginx-extras nginx-extras-dbg nginx-naxsi nginx-naxsi-dbg nginx-naxsi-ui
Architecture: source all amd64
Version: 1.6.2-1
Distribution: unstable
Urgency: high
Maintainer: Kartik Mistry <kar...@debian.org>
Changed-By: Christos Trochalakis <yati...@ideopolis.gr>
Description:
 nginx      - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-doc  - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-extras-dbg - nginx web/proxy server (extended version) - debugging symbols
 nginx-full - nginx web/proxy server (standard version)
 nginx-full-dbg - nginx web/proxy server (standard version) - debugging symbols
 nginx-light - nginx web/proxy server (basic version)
 nginx-light-dbg - nginx web/proxy server (basic version) - debugging symbols
 nginx-naxsi - nginx web/proxy server (version with naxsi)
 nginx-naxsi-dbg - nginx web/proxy server (version with naxsi) - debugging symbols
 nginx-naxsi-ui - nginx web/proxy server - naxsi configuration front-end
Closes: 761940
Changes:
 nginx (1.6.2-1) unstable; urgency=high
 .
   [ Christos Trochalakis ]
   * New upstream release.
     CVE-2014-3616: "it was possible to reuse SSL sessions in unrelated
     contexts if a shared SSL session cache or the same TLS session ticket
     key was used for multiple "server" blocks".
     (Closes: #761940)


--- End Message ---
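
The changelog above names the precondition for CVE-2014-3616: several "server" blocks using one shared SSL session cache or the same TLS session ticket key. The following audit sketch is an added example, not part of the bug report and not nginx or Debian code; it lists the TLS server blocks in a configuration that share such state. The function names and the sample configuration are hypothetical, and it assumes the whole configuration is in one string (includes are not followed) with inherited directives placed before the server blocks.

```python
import re

TOKEN = re.compile(r'#[^\n]*|("[^"]*"|\'[^\']*\'|[{};]|[^\s{};]+)')

def tls_servers(conf):
    """Yield name, effective shared cache zone and ticket key files of each TLS server block."""
    stack, words = [{"cache": None, "keys": (), "own": False, "srv": None, "blk": ""}], []
    for tok in filter(None, TOKEN.findall(conf)):      # comments come back as '' and are dropped
        cur = stack[-1]
        if tok == "{":                                 # child block inherits the parent's settings
            stack.append(dict(cur, own=False, blk=(words or [""])[0]))
            if stack[-1]["blk"] == "server":
                stack[-1]["srv"] = {"name": "(unnamed)", "tls": False}
        elif tok == "}":
            done = stack.pop() if len(stack) > 1 else cur
            if done["blk"] == "server" and done["srv"]["tls"]:
                yield {"name": done["srv"]["name"], "cache": done["cache"], "keys": done["keys"]}
        elif tok == ";":
            name, args = (words or [""])[0], words[1:]
            if name == "ssl_session_cache":            # only shared:<zone>:<size> spans server blocks
                cur["cache"] = next((a.split(":")[1] for a in args if a.startswith("shared:")), None)
            elif name == "ssl_session_ticket_key" and args:   # local keys replace inherited ones
                cur["keys"], cur["own"] = (cur["keys"] if cur["own"] else ()) + (args[0],), True
            elif cur["srv"] is not None:
                if name == "server_name" and args:
                    cur["srv"]["name"] = args[0]
                if (name == "listen" and "ssl" in args) or (name, args) == ("ssl", ["on"]):
                    cur["srv"]["tls"] = True
        else:
            words.append(tok.strip("\"'"))
            continue
        words = []                                     # a directive or block boundary was reached

def shared_session_state(conf):
    """Map (kind, zone or key file) to the TLS server names sharing it; groups of 2+ only."""
    groups = {}
    for srv in tls_servers(conf):
        for key in [("cache", srv["cache"])] + [("ticket_key", k) for k in srv["keys"]]:
            if key[1]:
                groups.setdefault(key, []).append(srv["name"])
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample configuration, not taken from the bug report.
SAMPLE = """http {
  ssl_session_cache shared:SSL:10m;   # inherited by every server below
  server { listen 443 ssl; server_name a.example; ssl_session_ticket_key /etc/nginx/t.key; }
  server { listen 443 ssl; server_name b.example; ssl_session_ticket_key /etc/nginx/t.key; }
  server { listen 443 ssl; server_name c.example; ssl_session_cache shared:C_ONLY:5m; }
  server { listen 80; server_name plain.example; }
}"""
```

Sharing a cache zone or ticket key is a common setup, so a non-empty result is only a finding on hosts whose nginx predates the fixed package named in this report.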
