Your message dated Fri, 28 Aug 2020 14:48:15 +0000 with message-id <e1kbffr-0003ri...@fasolo.debian.org> and subject line Bug#964950: fixed in nginx 1.14.2-2+deb10u3 has caused the Debian Bug report #964950, regarding nginx: CVE-2020-11724 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 964950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: nginx X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security upstream Hi, The following vulnerability was published for ngx_lua. CVE-2020-11724[0]: | ngx_http_lua_subrequest.c allows HTTP request smuggling, as | demonstrated by the ngx.location.capture API. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-11724 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724 Cheers! Sylvain Beucler Debian LTS Team
--- End Message ---
--- Begin Message ---Source: nginx Source-Version: 1.14.2-2+deb10u3 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of nginx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 964...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated nginx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 24 Aug 2020 12:18:43 +0200 Source: nginx Architecture: source Version: 1.14.2-2+deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian Nginx Maintainers <pkg-nginx-maintain...@alioth-lists.debian.net> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 964950 Changes: nginx (1.14.2-2+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * bugfix: prevented request smuggling in the ngx.location.capture API (CVE-2020-11724) (Closes: #964950) Checksums-Sha1: 323bc939eba9b2612ef63de38027a29402608960 4336 nginx_1.14.2-2+deb10u3.dsc 0493c48ba6333088add7aa68e154636b3a03eccb 932948 nginx_1.14.2-2+deb10u3.debian.tar.xz Checksums-Sha256: d2da063caac11430bbd3a85179b2e9f66d75c7f7159f9feb9b4ababebff0a549 4336 nginx_1.14.2-2+deb10u3.dsc 7e3d1a67fb64eec7a1d7f814a9b3734c6674317cb21edae9d7f518680f4a9770 932948 nginx_1.14.2-2+deb10u3.debian.tar.xz Files: 4c6e94b7e98fa4806a6f2677fdbe75d6 4336 httpd optional nginx_1.14.2-2+deb10u3.dsc eabdc815fd041a9f0bd8335075b6bb7e 932948 httpd optional nginx_1.14.2-2+deb10u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9DnC5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E7jkP/13DVNksUfYj2n7donXsolJOgtj1aXie GvW+TRGWIhLeK4KuaVggJTnPWfB8sPKRVs7mpLGmSwl/INIdrvp22cVBxJUrKIjW d3juU/pljDpEoOHpTpjKhY+yt6J0vA6bUlLaf+L2TMawYye9NeUmcXp+rPLk7RAy Dl1/RDzHh//ZA1/L0AzK32/aAkxdqUMRzPlr4ZYnGHsEOEUMEDP0vh1kX6WdkgBd DqiaM+cbKFMil/weuulLdMtBxvG9i3YjLQfslVhBPRm/+WAGwnNDCWPLcBfdmOSU OZQFdBwmgSiaOwL86s66LGfmm1GogsAnDMon1WROaZulk4wGiHv760TAG/TrxVne E8acHr0TPwszUJs/kY5gST64ESYGq35y/1R3kd+MvadIIPLTBTs/HMCT2R6w1b4E whbR5en4tydksuqW72E6r4L/aQn/zp504ZX45svdyce00DH8mcgGl0RqKq2A5S+r FI+ZrpXN8xOIZoIyyGfLs4/PX0zinhYHzVuJutaLYMsRms07b+IKhdDfdQYtx+hh QAxpTh+dwsiHni/wGDcvcwaDplGoOKgOccv6T6P/dlVw+M7GfXAsSqsHerKg5++N ZayXGc76i7qcXv6I0OWhhAS4dp6Toj6vzIUjqWyAFuE5QT722ITujiLJhVhj8oEe hu36GpQhqeDP =C7T6 -----END PGP SIGNATURE-----
--- End Message ---
