Control: severity -1 grave Control: notforwarded -1 I did not get any response to my bug report which I tagged with 'security', so I'm upping the severity and believe the Debian documentation justifies it. https://www.debian.org/Bugs/Developer#severities says: "Most security bugs should also be set at critical or grave severity."
Feel free to downgrade the severity if you don't agree this is a security or a 'grave' issue (which should be fixed before Bullseye is released). But then I'll at least know someone has seen and evaluated the issue. I've also cleared the 'forwarded' as it is not an upstream issue. https://salsa.debian.org/nginx-team/nginx/-/merge_requests/7 still contains my patch which fixes this issue by removing "TLSv1 TLSv1.1" from the "ssl_protocols" setting in debian/conf/nginx.conf https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0 says: "The PCI Council suggested that organizations migrate from TLS 1.0 to TLS 1.1 or higher before June 30, 2018. In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020."
signature.asc
Description: This is a digitally signed message part.
