Your message dated Fri, 28 Aug 2020 14:48:15 +0000
with message-id <e1kbffr-0003ri...@fasolo.debian.org>
and subject line Bug#964950: fixed in nginx 1.14.2-2+deb10u3
has caused the Debian Bug report #964950,
regarding nginx: CVE-2020-11724
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
964950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: nginx
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for ngx_lua.

CVE-2020-11724[0]:
| ngx_http_lua_subrequest.c allows HTTP request smuggling, as
| demonstrated by the ngx.location.capture API.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-11724
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724

Cheers!
Sylvain Beucler
Debian LTS Team

--- End Message ---
--- Begin Message ---
Source: nginx
Source-Version: 1.14.2-2+deb10u3
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 964...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated nginx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Aug 2020 12:18:43 +0200
Source: nginx
Architecture: source
Version: 1.14.2-2+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintain...@alioth-lists.debian.net>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 964950
Changes:
 nginx (1.14.2-2+deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * bugfix: prevented request smuggling in the ngx.location.capture API
     (CVE-2020-11724) (Closes: #964950)
Checksums-Sha1:
 323bc939eba9b2612ef63de38027a29402608960 4336 nginx_1.14.2-2+deb10u3.dsc
 0493c48ba6333088add7aa68e154636b3a03eccb 932948 nginx_1.14.2-2+deb10u3.debian.tar.xz
Checksums-Sha256:
 d2da063caac11430bbd3a85179b2e9f66d75c7f7159f9feb9b4ababebff0a549 4336 nginx_1.14.2-2+deb10u3.dsc
 7e3d1a67fb64eec7a1d7f814a9b3734c6674317cb21edae9d7f518680f4a9770 932948 nginx_1.14.2-2+deb10u3.debian.tar.xz
Files:
 4c6e94b7e98fa4806a6f2677fdbe75d6 4336 httpd optional nginx_1.14.2-2+deb10u3.dsc
 eabdc815fd041a9f0bd8335075b6bb7e 932948 httpd optional nginx_1.14.2-2+deb10u3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
