Bug#986787: marked as done (CVE-2020-36309)

Sat, 26 Nov 2022 00:39:21 -0800 

Your message dated Sat, 26 Nov 2022 08:36:21 +0000
with message-id <[email protected]>
and subject line Bug#986787: fixed in libnginx-mod-http-lua 1:0.10.22-4
has caused the Debian Bug report #986787,
regarding CVE-2020-36309
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
986787: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libnginx-mod-http-lua
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <[email protected]>

Hi,
this affects the lua module as bundled in the Debian nginx package
(originally reported/fixed by OpenResty), not sure what the canonical
upstream repo is for that module:
https://github.com/openresty/lua-nginx-module/compare/v0.10.15...v0.10.16
https://github.com/openresty/lua-nginx-module/pull/1654

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: libnginx-mod-http-lua
Source-Version: 1:0.10.22-4
Done: Jan Mojžíš <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libnginx-mod-http-lua, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jan Mojžíš <[email protected]> (supplier of updated libnginx-mod-http-lua 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 26 Nov 2022 08:48:42 +0100
Source: libnginx-mod-http-lua
Architecture: source
Version: 1:0.10.22-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers 
<[email protected]>
Changed-By: Jan Mojžíš <[email protected]>
Closes: 986787
Changes:
 libnginx-mod-http-lua (1:0.10.22-4) unstable; urgency=medium
 .
   * d/tests: added 'generic' test
   * d/tests: cleanup in the code
   * d/source/options: file removed
   * Additional info: libnginx-mod-http-lua package after version 0.10.16 fixes
     CVE-2020-36309 (Closes: 986787)
Checksums-Sha1:
 0bd624fdfb74613fdd3823af809218285a0ff31b 2505 
libnginx-mod-http-lua_0.10.22-4.dsc
 462645fe49f079d479f461e57f8d28bd1b9a10d9 4016 
libnginx-mod-http-lua_0.10.22-4.debian.tar.xz
 515c64d6dc1d4b021defae4b9430645902fa8767 8963 
libnginx-mod-http-lua_0.10.22-4_source.buildinfo
Checksums-Sha256:
 4b0282751b057430f39809cb5bdc2cbfff4cb27bfa96cb8d6afee32a07dd32b8 2505 
libnginx-mod-http-lua_0.10.22-4.dsc
 a32d9dc351ce2d6c7c1635510f29435a551609be24c710c04b35ea9ea311c0ae 4016 
libnginx-mod-http-lua_0.10.22-4.debian.tar.xz
 d7abaccf4a6ffdb8e2f77d8ee211b2493e6bc6ec2ad8aec25b8286a4ce20fa2d 8963 
libnginx-mod-http-lua_0.10.22-4_source.buildinfo
Files:
 c6256c27b6c64987f1df9e6b74cddcbf 2505 httpd optional 
libnginx-mod-http-lua_0.10.22-4.dsc
 6566d6cb538adfe7ad368c2f3dca59d9 4016 httpd optional 
libnginx-mod-http-lua_0.10.22-4.debian.tar.xz
 21da1d956fffbed766d0f74186ba4feb 8963 httpd optional 
libnginx-mod-http-lua_0.10.22-4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCgAzFiEE0Aiwwj2EeeRrn8uQRdpRdJaTn/kFAmOBx/YVHGphbi5tb2p6
aXNAZ21haWwuY29tAAoJEEXaUXSWk5/5l3YP/AtkDFfBw5IxI6mZDPOoMW82uXqb
cm3Gsgc40ncDKC7uKCQFxMNRRtiDyYAzpuLSbrW3tWDXKUj25S+EPeq5luldXaMb
C1KueQIYBdTzZa0GSChuGpNqeDvQ4cgH9OLZmffMFgURo+bq3uCkRgUkWXgjgYbo
wtIFDZJTQCz8/2qg8Jvq5bW5yXdJn6dbMwCFeIIV87LzcqA+jD2Z9JQGikcfJFFL
DzhLgiRMosvqVvYw+Rm8973+Y9NfbLKNx0+ZqSTmevS3jo794Gaifkzt4DaEDXIT
Ita12C6/k2IQbbbrSurCOOq51UEk0Kuz55fXEipO39rZvvFJIeiXP4Cl2skAwfx+
zEsx6vuSi4wjqy/TMg04Z6vOiik5tUBbz10cBaQ5UrtyLTRdmDuOLeZDObrCuVZw
zhJGpuQN9JhLoi+ZxiVsH3wbK7w7lxGroun2KoSnQTQ0dpLjV817h4PkCdEJk4fc
WUaZSsKW/sofv2rAAqCyDxhKDOlpGcaOsLbHZctDVDyK40xhScZInEz1nKvUTZ3K
Hl/BbLirauRbTRqaxGrETJEXk/rUIHBeNLbrtm+V58AF2xAMMjPfp/0Uze9aTNC2
3ELVTFb4nzlQkLZo8Mi92OlaSx77Ps41XKAVZkFhiGfBycJ5pFbMpp8AeVNz0h8P
eLVBUNB7iwiAXH+7
=18jg
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to