Package: nginx-extras Version: 1.6.2-5+deb8u2 Severity: important
it's a major concern that changelog from nginx-extras/1.6.2-5+deb8u1 to nginx-extras/1.6.2-5+deb8u2 doesn't reflect the changes of dependencies of new nginx-extras package. It really sounds pretty odd. http://metadata.ftp-master.debian.org/changelogs//main/n/nginx/nginx_1.6.2-5+deb8u2_changelog nginx (1.6.2-5+deb8u2) jessie-security; urgency=medium [ Christos Trochalakis ] * Fixes CVE-2016-4450 NULL pointer dereference while writing client request body. (Closes: #825960) -- Christos Trochalakis <[email protected]><mailto:[email protected]> Tue, 31 May 2016 22:55:34 +0300 nginx (1.6.2-5+deb8u1) jessie-security; urgency=high [ Christos Trochalakis ] * Fixes multiple resolver CVEs, CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 Closes: #812806 -- Christos Trochalakis <[email protected]><mailto:[email protected]> Wed, 27 Jan 2016 12:22:00 +0200 nginx (1.6.2-5) unstable; urgency=medium (...) Packages information: (...) Package: nginx-extras Source: nginx Version: 1.6.2-5+deb8u1 Installed-Size: 1524 Maintainer: Kartik Mistry <[email protected]><mailto:[email protected]> Architecture: amd64 Provides: httpd, httpd-cgi, nginx Depends: nginx-common (= 1.6.2-5+deb8u1), perl (>= 5.20.2-3+deb8u3), perlapi-5.20.2, libc6 (>= 2.14), libexpat1 (>= 2.0.1), libgd3 (>= 2.1.0~alpha~), libgeoip1, libluajit-5.1-2, libpam0g (>= 0.99.7.1), libpcre3 (>= 1:8.35), libperl5.20 (>= 5.20.2), libssl1.0.0 (>= 1.0.1), libxml2 (>= 2.7.4), libxslt1.1 (>= 1.1.25), zlib1g (>= 1:1.2.0) Suggests: nginx-doc (= 1.6.2-5+deb8u1) Conflicts: nginx-full, nginx-light Breaks: nginx (<< 1.4.5-1) (...) (...) Package: nginx-extras Source: nginx Version: 1.6.2-5+deb8u2 Installed-Size: 1583 Maintainer: Kartik Mistry <[email protected]><mailto:[email protected]> Architecture: amd64 Provides: httpd, httpd-cgi, nginx Depends: nginx-common (= 1.6.2-5+deb8u2), perl (>= 5.20.2-3+deb8u4), perlapi-5.20.2, libc6 (>= 2.14), libexpat1 (>= 2.0.1), libgd3 (>= 2.1.0~alpha~), libgeoip1, liblua5.1-0, libpam0g (>= 0.99.7.1), libpcre3 (>= 1:8.35), libperl5.20 (>= 5.20.2), libssl1.0.0 (>= 1.0.1), libxml2 (>= 2.7.4), libxslt1.1 (>= 1.1.25), zlib1g (>= 1:1.2.0) Suggests: nginx-doc (= 1.6.2-5+deb8u2) Conflicts: nginx-full, nginx-light Breaks: nginx (<< 1.4.5-1) (...) Best Regards Nuno Leitao Nuno Leitão @ Telemetry Infrastructure Engineer Ext 637 New York +1 212 380 6666 London +44 (0)20 7148 7777 http://www.telemetry.com The Digital Media Forensics Company
