Your message dated Tue, 14 Jul 2020 08:36:02 +0000
with message-id <[email protected]>
and subject line Bug#964950: fixed in nginx 1.18.0-5
has caused the Debian Bug report #964950,
regarding nginx: CVE-2020-11724
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
964950: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nginx
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security upstream
Hi,
The following vulnerability was published for ngx_lua.
CVE-2020-11724[0]:
| ngx_http_lua_subrequest.c allows HTTP request smuggling, as
| demonstrated by the ngx.location.capture API.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-11724
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724
Cheers!
Sylvain Beucler
Debian LTS Team
--- End Message ---
--- Begin Message ---
Source: nginx
Source-Version: 1.18.0-5
Done: Ondřej Nový <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Nový <[email protected]> (supplier of updated nginx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 14 Jul 2020 10:08:15 +0200
Source: nginx
Architecture: source
Version: 1.18.0-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers <[email protected]>
Changed-By: Ondřej Nový <[email protected]>
Closes: 964950
Changes:
nginx (1.18.0-5) unstable; urgency=medium
.
* Prevented request smuggling in LUA
CVE-2020-11724
Closes: #964950
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---