Bug#913090: marked as done (nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845)

Tue, 06 Nov 2018 23:09:28 -0800 

Your message dated Wed, 07 Nov 2018 07:04:04 +0000
with message-id <e1gkhsi-0009lq...@fasolo.debian.org>
and subject line Bug#913090: fixed in nginx 1.14.1-1
has caused the Debian Bug report #913090,
regarding nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
913090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: nginx
Version: 1.10.3-1
Severity: important
Tags: security upstream
Control: found -1 1.10.3-1+deb9u1
Control: found -1 1.14.0-1

Hi,

The following vulnerabilities were published for nginx.

CVE-2018-16843[0]:
Excessive memory usage in HTTP/2

CVE-2018-16844[1]:
Excessive CPU usage in HTTP/2

CVE-2018-16845[2]:
Memory disclosure in the ngx_http_mp4_module

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16843
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843
[1] https://security-tracker.debian.org/tracker/CVE-2018-16844
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844
[2] https://security-tracker.debian.org/tracker/CVE-2018-16845
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: nginx
Source-Version: 1.14.1-1

We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 913...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christos Trochalakis <ctrochala...@debian.org> (supplier of updated nginx 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 07 Nov 2018 07:16:00 +0200
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-light nginx-extras 
libnginx-mod-http-geoip libnginx-mod-http-image-filter 
libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream 
libnginx-mod-http-perl libnginx-mod-http-auth-pam libnginx-mod-http-lua 
libnginx-mod-http-ndk libnginx-mod-nchan libnginx-mod-http-echo 
libnginx-mod-http-upstream-fair libnginx-mod-http-headers-more-filter 
libnginx-mod-http-cache-purge libnginx-mod-http-fancyindex 
libnginx-mod-http-uploadprogress libnginx-mod-http-subs-filter 
libnginx-mod-http-dav-ext libnginx-mod-rtmp
Architecture: source
Version: 1.14.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers 
<pkg-nginx-maintain...@alioth-lists.debian.net>
Changed-By: Christos Trochalakis <ctrochala...@debian.org>
Description:
 libnginx-mod-http-auth-pam - PAM authentication module for Nginx
 libnginx-mod-http-cache-purge - Purge content from Nginx caches
 libnginx-mod-http-dav-ext - WebDAV missing commands support for Nginx
 libnginx-mod-http-echo - Bring echo and more shell style goodies to Nginx
 libnginx-mod-http-fancyindex - Fancy indexes module for the Nginx
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-headers-more-filter - Set and clear input and output headers 
for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-lua - Lua module for Nginx
 libnginx-mod-http-ndk - Nginx Development Kit module
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-subs-filter - Substitution filter module for Nginx
 libnginx-mod-http-uploadprogress - Upload progress system for Nginx
 libnginx-mod-http-upstream-fair - Nginx Upstream Fair Proxy Load Balancer
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-nchan - Fast, flexible pub/sub server for Nginx
 libnginx-mod-rtmp - RTMP support for Nginx
 libnginx-mod-stream - Stream module for Nginx
 nginx      - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-doc  - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-full - nginx web/proxy server (standard version)
 nginx-light - nginx web/proxy server (basic version)
Closes: 913090
Changes:
 nginx (1.14.1-1) unstable; urgency=medium
 .
   [ Kartik Mistry ]
   * Removed unused lintian override.
   * Fixed trailing whitespaces in changelog.
 .
   [ Christos Trochalakis ]
   * New upstream version. (Closes: #913090)
     + CVE-2018-16843 Excessive memory usage in HTTP/2
     + CVE-2018-16844 Excessive CPU usage in HTTP/2
     + CVE-2018-16845 Memory disclosure in the ngx_http_mp4_module
Checksums-Sha1:
 206f5e2a4d4a6554094f95826377c6911bd6520a 4149 nginx_1.14.1-1.dsc
 a9dc8c5b055a3f0021d09c112d27422f45dd439c 1014040 nginx_1.14.1.orig.tar.gz
 0ee7b68e27c16ccf8d799b183a3d4329eb93e39c 923328 nginx_1.14.1-1.debian.tar.xz
 80d8a3afc452edee5067914fff1427573377833b 22731 nginx_1.14.1-1_amd64.buildinfo
Checksums-Sha256:
 7c15bdfb2959bfe2a1fddfdafb5a63f3ddca9b730ab36a9ae1ff00b733d2ea64 4149 
nginx_1.14.1-1.dsc
 bf09974130c0d41c0a811decc17a96ec2f58cdc8bbacb771de8d38c9ba14a4a4 1014040 
nginx_1.14.1.orig.tar.gz
 441f2a1ec5b8416aa10232c825cb41c84eb63294e48b4315617626e33ff013e0 923328 
nginx_1.14.1-1.debian.tar.xz
 1a4e3e4ff8ef76cea219db648562e0480669d53e956af2548de0d1d36e4d13b7 22731 
nginx_1.14.1-1_amd64.buildinfo
Files:
 d712430a2fa7204fb365ee35eb1e7095 4149 httpd optional nginx_1.14.1-1.dsc
 18561561ffa2b63885b607453390b49c 1014040 httpd optional 
nginx_1.14.1.orig.tar.gz
 bd4eac44e90020b875dbac077e512300 923328 httpd optional 
nginx_1.14.1-1.debian.tar.xz
 f61190469aa8fae1c209e44b5ce66a69 22731 httpd optional 
nginx_1.14.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEf2SPbCEjyY+zKcgrETYmAKdH7NkFAlviif8ACgkQETYmAKdH
7NliMg/+M31E1b7Q8+Cbjb0l+XU9A9nsfTg0OuOYAqdAR8+ctAZ21pWB9pB+u1vU
ga41gu1p7UmYRP8OnfXYDR41Gg9vQ/UvR39dHu8GTQKJH9hAt1JHgvch6FaFsOaA
fFMtPsguR+YLzDrS6rwK830E1zDNLdG/cbXl0K9P6EOpyWdsEFb1D6etIcab7BPU
ZV7tuE4i9Y4xDplBs+vIfLqtsJi6DMSxH8ggwQHnFAAsxtuIRZdqIX9xllXM4DIJ
4I6o3Q06324Di/r+IEHpUpFjXHs0L4/84NHjLXYkjNcd8LzOcitHV4eM6j3otIwc
aBQEEMTiacyjglqabwGSl89b+12CNX9VXggclPr4Zo7VESph01MOa4b/5pdv5zsA
KuG2U7TeUBypZJIg4sof++ji2BVwyzRJNzYmnZV8S4pmECLOsaRWoZFYfK2ttFfD
dBvjbpFl8z7Z9aoVfPaEz7ptiIDSTndaq2o9dE0ZRLo5DM8D3ZUS9G4ojh1vGX7x
XURB0mX6m4TkjTG1hCQNI6ZPBghVkTE2cyKXO9UG9QHt7T9O63nW7nmHvBJZjvbf
UhYEWnS1oI0JSkS5EZtCHEgIVtSVW2qfWrCGm/k21bELAxlps1QEYvdXhMvA84G+
jXdBjw8P0behK7NlNMxHIqMVSZF88i2HzFxqBkCuvUJY4lD+Y/w=
=hW/W
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to