Bug#742059: marked as done (nginx: CVE-2014-0133: SPDY heap buffer overflow)

Debian Bug Tracking System Tue, 18 Mar 2014 14:46:43 -0700

Your message dated Tue, 18 Mar 2014 21:41:54 +0000
with message-id <e1wq1li-0001xh...@franck.debian.org>
and subject line Bug#742059: fixed in nginx 1.4.7-1
has caused the Debian Bug report #742059,
regarding nginx: CVE-2014-0133: SPDY heap buffer overflow
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
742059: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742059
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: nginx
Version: 1.4.6-1
Severity: grave
Tags: security, fixed-upstream

http://nginx.org/en/security_advisories.html
http://nginx.org/download/patch.2014.spdy2.txt

Not vulnerable: 1.5.12+, 1.4.7+
Vulnerable: 1.3.15-1.5.11

---
Henri Salo

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: nginx
Source-Version: 1.4.7-1

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 742...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christos Trochalakis <yati...@ideopolis.gr> (supplier of updated nginx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 18 Mar 2014 22:03:47 +0200
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-full-dbg nginx-light 
nginx-light-dbg nginx-extras nginx-extras-dbg nginx-naxsi nginx-naxsi-dbg 
nginx-naxsi-ui
Architecture: source all amd64
Version: 1.4.7-1
Distribution: unstable
Urgency: medium
Maintainer: Kartik Mistry <kar...@debian.org>
Changed-By: Christos Trochalakis <yati...@ideopolis.gr>
Description: 
 nginx      - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-doc  - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-extras-dbg - nginx web/proxy server (extended version) - debugging 
symbols
 nginx-full - nginx web/proxy server (standard version)
 nginx-full-dbg - nginx web/proxy server (standard version) - debugging symbols
 nginx-light - nginx web/proxy server (basic version)
 nginx-light-dbg - nginx web/proxy server (basic version) - debugging symbols
 nginx-naxsi - nginx web/proxy server (version with naxsi)
 nginx-naxsi-dbg - nginx web/proxy server (version with naxsi) - debugging 
symbols
 nginx-naxsi-ui - nginx web/proxy server - naxsi configuration front-end
Closes: 732251 742059
Changes: 
 nginx (1.4.7-1) unstable; urgency=medium
 .
   [ Christos Trochalakis ]
   * New upstream release. (Closes: #742059)
     + Fixes pottential arbitrary code execution (CVE-2014-0133)
       Debian build was not vulnerable since it was compiled
       with the --with-debug configure option.
   * debian/modules/nginx-http-push:
     + Update to v0.711 (Closes: #732251)
   * debian/modules/headers-more-nginx-module:
     + Update to v0.25, containing several bugfixes.
   * debian/modules/nginx-echo:
     + Update to v0.51, containing several bugfixes.
   * debian/modules/nginx-dav-ext-module:
     + Update to v0.0.3, containing some uri encoding fixes.
   * debian/modules/ngx_http_substitutions_filter_module:
     + Update to v0.6.4, containing some enhancements.
   * debian/modules/nginx-auth-pam:
     + Update to v1.3.
       This version contains our downstream patch (See: #721702)
Checksums-Sha1: 
 4f9cf827d459aa2915af72c28aea541482b53730 2773 nginx_1.4.7-1.dsc
 e13b5b23f9be908b69652b0c394a95e9029687e3 769153 nginx_1.4.7.orig.tar.gz
 72bce3651c7e436fe758aa50a53ec3141cdc4fbb 867988 nginx_1.4.7-1.debian.tar.xz
 ebe6f8634f1dd6f3bb89c885525e1ee3f960e663 68168 nginx_1.4.7-1_all.deb
 9ebae887c8feb8261f7347b3108ee1cf879d1ae4 79380 nginx-doc_1.4.7-1_all.deb
 7db9fc033adcb745c526cd87e8b91b0a19295430 80978 nginx-common_1.4.7-1_all.deb
 a119a99d0c867ba9d3b07d1791252170b4265f33 310336 nginx-naxsi-ui_1.4.7-1_all.deb
 0dfe44b0ee67040c70316042d3d0a928a9ff1116 406536 nginx-full_1.4.7-1_amd64.deb
 cb86125375934d50fb8dead1df54b86bd3ea2e2f 3154358 
nginx-full-dbg_1.4.7-1_amd64.deb
 b7fce01952803a901e5a01a3da39a98f34592297 315150 nginx-light_1.4.7-1_amd64.deb
 a9999fcda71815671f936951fe3222ac5b0d446b 2159764 
nginx-light-dbg_1.4.7-1_amd64.deb
 3e6e75af8f53c6d03d8f86c24a66cadffc67d5bf 560092 nginx-extras_1.4.7-1_amd64.deb
 3ceb722e00216611655738bd3c21679804ffd59b 4850416 
nginx-extras-dbg_1.4.7-1_amd64.deb
 9dfe0e6d6aa2f39afe29d51baecdc11a98fc57bd 351072 nginx-naxsi_1.4.7-1_amd64.deb
 f8e8ef8012eb92e429a1ed00dd7a85fa5082ae30 2303046 
nginx-naxsi-dbg_1.4.7-1_amd64.deb
Checksums-Sha256: 
 9991a18e71622134b37d50366af02857468b7776ae727abca3c82e59ef178fc1 2773 
nginx_1.4.7-1.dsc
 23b8ff4a76817090678f91b0efbfcef59a93492f6612dc8370c44c1f1ce1b626 769153 
nginx_1.4.7.orig.tar.gz
 d392b6103e8f1c170b4a48ab0b9dc08dd0b1b2d25b04f24548e78511c3be5068 867988 
nginx_1.4.7-1.debian.tar.xz
 102ae7eefd5d350377f7f0869ac4faaf180b8b364afba5f4cad4ba7c8fe19e4f 68168 
nginx_1.4.7-1_all.deb
 c8728eb145f4a6992b865d354192f4cd448383530e07c788bc5d446f0c8eed75 79380 
nginx-doc_1.4.7-1_all.deb
 ed7c1f02ae4fe8245f46084ceccebd6c2beeb3b891ba6186f5c0d2710876a5cf 80978 
nginx-common_1.4.7-1_all.deb
 71a1add0e8b950f1e30a80b0de510b8b77f5c67926f79c3b70d2f20989d521da 310336 
nginx-naxsi-ui_1.4.7-1_all.deb
 ec761b87dddccb08f358081ff8d1042778b5dd0ae36c9f149cb98e829c5093a1 406536 
nginx-full_1.4.7-1_amd64.deb
 ed81fb4d8c290aa79bf80fcfa9b9434941ed2f7a5e6c80b7e88398ce84a36696 3154358 
nginx-full-dbg_1.4.7-1_amd64.deb
 a73753d5a2f4e146d0e4273d0d5a541928ab4f7d4fa5b4cd30da0494919a00d5 315150 
nginx-light_1.4.7-1_amd64.deb
 29c86a516033a07fa6e850bc6ef15cf0f0c792570e0b6a74d439def051e997d1 2159764 
nginx-light-dbg_1.4.7-1_amd64.deb
 193ebecb13a1edb35b7ffe8cef9297d6afa9fbc1947930a6a954c7fbec599a00 560092 
nginx-extras_1.4.7-1_amd64.deb
 98ecc7b4fcdc28f0161e295e5f055d76568527fb48ea5714e0afc88d6639a5c3 4850416 
nginx-extras-dbg_1.4.7-1_amd64.deb
 5eb63539d672123a53f0a906f2f849a8f1091355a66c76c4863ad7cd04cac43f 351072 
nginx-naxsi_1.4.7-1_amd64.deb
 4e86783d9102a8dcda15ced66d5a02d948f2bcb1e4b6aa3eec925ed3fa13ec4a 2303046 
nginx-naxsi-dbg_1.4.7-1_amd64.deb
Files: 
 4451ec0ba1f1aac73b3adcd8da25c06b 2773 httpd optional nginx_1.4.7-1.dsc
 aee151d298dcbfeb88b3f7dd3e7a4d17 769153 httpd optional nginx_1.4.7.orig.tar.gz
 b59ea48f28019103c7e6c3e4034d5495 867988 httpd optional 
nginx_1.4.7-1.debian.tar.xz
 4c6384bedd2533345f6c001809623745 68168 httpd optional nginx_1.4.7-1_all.deb
 235daf15d707ee36f2f04acc0bb3f5a2 79380 doc optional nginx-doc_1.4.7-1_all.deb
 ba62ecb56bf8a4a9cc6199ca4406e93f 80978 httpd optional 
nginx-common_1.4.7-1_all.deb
 93fe6da54a3f02a5258457297af0dd74 310336 httpd extra 
nginx-naxsi-ui_1.4.7-1_all.deb
 72053413eac8e4b12ff4d88802fa3748 406536 httpd optional 
nginx-full_1.4.7-1_amd64.deb
 1156ec9ed874ef116deaab096dc3f42a 3154358 debug extra 
nginx-full-dbg_1.4.7-1_amd64.deb
 6d72973305a5c9cfe029ca36a0aaab51 315150 httpd extra 
nginx-light_1.4.7-1_amd64.deb
 8d2cd2d6f982a06a84b2b9cd169c0216 2159764 debug extra 
nginx-light-dbg_1.4.7-1_amd64.deb
 6c2dca4631464cc9ed6793a85e84c8aa 560092 httpd extra 
nginx-extras_1.4.7-1_amd64.deb
 1664b316771c5820259e3041d79116c9 4850416 debug extra 
nginx-extras-dbg_1.4.7-1_amd64.deb
 69d3a441b6487a78b9500422980b1bff 351072 httpd extra 
nginx-naxsi_1.4.7-1_amd64.deb
 feefa2caf1ff7513f19ae8cc5dc5e2ff 2303046 debug extra 
nginx-naxsi-dbg_1.4.7-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJTKKqYAAoJEBE2JgCnR+zZGr8QANG1UlpidO8RTSUoHgTbGMVq
2pQl4uhS3YjRP7LgNWdktSA1Da/Wop1q8HAW+gB5cBktKtbglYSLQQl4ZrETyYOJ
/nh/IJOK5Ij70jz6V5EsOmOli5apw8eFx4DvZHvOEBZZl6II8oEz9DSHW9OQ/9Bc
+V+vBQ5RRQg/sXS7CbupjGWUoefn9o9i+V1tUPvHBpGPMZJjeGtjzOEY8f9xFYjC
R0jl3LW3VsKpNAJghHqCYjhrNBWLRlMU4jHcJGCOamLrdKCud7U2h94AQYQ2DBCz
n4tvCECRwk3NDsfDhOvHOIXPEmf7R64enZYWrVJmeJ7EYNqNw/p1IW+44dizUQ7S
MwJxmieCphUd6MaX659gEN80TvhwTtRWtal6vJ2noSDS7UUIXnPGQATW+/NclRqf
v/u6H5v1zeiRbQ+LFKYC7JFUROnchtO4yI0y3TTm7Coa5OAtHI5o6K3vaUtrJjbd
JJzpDcXN6FTFHR0QTx0uGwDzOyLbZ1LCXxlOQ5V0fmGWkzuLjRlxcwh4pumfMzBS
mEdb0/xLOnPUfGg2XSQfsGPLE+mvuzkrxGFjdkn4+Yu6rtmDXxQR/+Km1QCXDnfq
SIiaxR1+lKDxwtIrU88nVTbpdJhTxPo55YM2PiipvNM7vw/LPdZSlPrB/16HFpQd
E6U+1Is/3usqw9NYfS/L
=mamK
-----END PGP SIGNATURE-----

--- End Message ---

Bug#742059: marked as done (nginx: CVE-2014-0133: SPDY heap buffer overflow)

Reply via email to