Your message dated Tue, 14 Jul 2020 08:14:56 +0000
with message-id <[email protected]>
and subject line Bug#964950 fixed in nginx
has caused the Debian Bug report #964950,
regarding nginx: CVE-2020-11724
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
964950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nginx
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for ngx_lua.
CVE-2020-11724[0]:
| ngx_http_lua_subrequest.c allows HTTP request smuggling, as
| demonstrated by the ngx.location.capture API.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-11724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724
Cheers!
Sylvain Beucler
Debian LTS Team
--- End Message ---
--- Begin Message ---
Hello,
Bug #964950 in nginx reported by you has been fixed in the Git repository.
You can see the commit message below and you can check the diff of the fix at:
https://salsa.debian.org/nginx-team/nginx/-/commit/aa1f93ee247cd7d21473f35bcba4a95cdfb388ad
------------------------------------------------------------------------
Prevented request smuggling in LUA CVE-2020-11724 Closes: #964950
------------------------------------------------------------------------
(this message was generated automatically)
--
Greetings
https://bugs.debian.org/964950
--- End Message ---
