Per the notes on the CVE tracker:
sarnold> Backporting this fix is non-trivial and may break deployed
applications. Someone who really wanted this could use stunnel as a
work-around until 16.04 LTS is released.
This applies to Precise, Trusty, and Vivid.
** Changed in: nginx (Ubuntu
Ubuntu Wily has a fix for this included as part of the 1.9.3-1ubuntu1
merge. The fix for this issue was introduced in nginx 1.7.0.
** Also affects: nginx (Ubuntu Wily)
Importance: Low
Status: Confirmed
** Changed in: nginx (Ubuntu Wily)
Status: Confirmed => Fix Released
**
Ubuntu Utopic has gone End of Life as of today. As such, this bug is
being marked Won't Fix against the Utopic package.
Refer to: https://lists.ubuntu.com/archives/ubuntu-
announce/2015-July/000198.html
** Changed in: nginx (Ubuntu Utopic)
Status: Confirmed = Won't Fix
--
You received
lucid has seen the end of its life and is no longer receiving any
updates. Marking the lucid task for this ticket as Won't Fix.
** Changed in: nginx (Ubuntu Lucid)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Note on the 'severity' per comment #2: The severity set is based on the
severity of the CVE, partly per the Security Team's tracker.
As this has been classified as low there, the severity here was set to
Low.
--
You received this bug notification because you are a member of Ubuntu
Server Team,
The nginx project tracker for this task was added to track the status in
the PPAs. This has landed in the NGINX PPA for Mainline. It has not
been backported to Stable at this time. (Was supposedly fixed in 1.7.0
per http://mailman.nginx.org/pipermail/nginx-
devel/2015-February/006484.html)
**
** Changed in: nginx (Debian)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1098654
Title:
nginx vulnerable to MITM Attack [CVE-2011-4968]
** Changed in: nginx (Ubuntu Quantal)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1098654
Title:
nginx vulnerable to MITM Attack
An upstream commit has been made addressing this issue.
Refer to
http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx
for the fix.
I'll check if the other versions of nginx not listed here are affected
later, after work.
--
You received this bug notification
** Changed in: nginx (Ubuntu Raring)
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nginx in Ubuntu.
https://bugs.launchpad.net/bugs/1098654
Title:
nginx vulnerable to MITM Attack
10 matches
Mail list logo
