Thanks for the debdiffs! In general, they are fine, but a couple of nitpicks
for future updates:
* for consistency, the format of the changelog should use 'SECURITY UPDATE',
not 'Security update' and follow the changelog format as described in
This bug was fixed in the package nginx - 1.1.19-1ubuntu0.2
---
nginx (1.1.19-1ubuntu0.2) precise-security; urgency=low
* Security update (closes LP: #1182586):
* Patch to fix a buffer overflow vulnerability (CVE-2013-2070)
-- Thomas Ward tew...@ubuntu.com Fri, 24 May 2013
This bug was fixed in the package nginx - 1.2.1-2.2ubuntu0.1
---
nginx (1.2.1-2.2ubuntu0.1) quantal-security; urgency=low
* Security update (closes LP: #1182586):
* Patch to fix a buffer overflow vulnerability (CVE-2013-2070)
-- Thomas Ward tew...@ubuntu.com Fri, 24 May 2013
This bug was fixed in the package nginx - 1.2.6-1ubuntu3.2
---
nginx (1.2.6-1ubuntu3.2) raring-security; urgency=low
* Security update (closes LP: #1182586):
* Patch to fix a buffer overflow vulnerability (CVE-2013-2070)
-- Thomas Ward tew...@ubuntu.com Fri, 24 May 2013
** Changed in: nginx (Ubuntu Precise)
Status: Confirmed = In Progress
** Changed in: nginx (Ubuntu Quantal)
Status: Confirmed = In Progress
** Changed in: nginx (Ubuntu Raring)
Status: Confirmed = In Progress
--
You received this bug notification because you are a member
Attaching debdiff, targeting precise-security, which addresses this CVE
in precise.
** Patch added: Precise debdiff for this bug
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685928/+files/lp1182586-precise.debdiff
--
You received this bug notification because
Attaching debdiff, targeting quantal-security, which addresses this CVE
in quantal.
** Patch added: Quantal debdiff for this bug
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685929/+files/lp1182586-quantal.debdiff
--
You received this bug notification because
Attaching debdiff, targeting raring-security, which addresses this CVE
in raring.
** Patch added: Raring debdiff for this bug
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685930/+files/lp1182586-raring.debdiff
--
You received this bug notification because you
** Changed in: nginx (Ubuntu Precise)
Status: In Progress = Confirmed
** Changed in: nginx (Ubuntu Quantal)
Status: In Progress = Confirmed
** Changed in: nginx (Ubuntu Raring)
Status: In Progress = Confirmed
** Changed in: nginx (Ubuntu Precise)
Assignee: Thomas Ward
I have put build tests for this into the PPA at
https://launchpad.net/~teward/+archive/nginx-ubuntu-security
I have not found any test-cases yet for this bug, which may require the
security team to decide whether or not this patch is to be included
without a test-case.
--
You received this bug
** Also affects: nginx (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: nginx (Ubuntu Raring)
Importance: Undecided
Status: New
** Also affects: nginx (Ubuntu Quantal)
Importance: Undecided
Status: New
--
You received this bug notification
To summarize the reasons for the changes on this bug done by me:
This CVE has already been Fix Released in Saucy, as part of the
1.4.1-1ubuntu2 package, and as part of the merge of 1.4.1-1 from Debian
with the ubuntu delta that exists.
The affected versions are in Precise, Quantal, and Raring,
** Changed in: nginx (Ubuntu)
Assignee: (unassigned) = Thomas Ward (teward)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1182586
Title:
CVE-2013-2070: nginx proxy_pass buffer overflow
13 matches
Mail list logo