Your message dated Sun, 30 May 2021 18:02:08 +0000
with message-id <[email protected]>
and subject line Bug#989095: fixed in nginx 1.14.2-2+deb10u4
has caused the Debian Bug report #989095,
regarding nginx: CVE-2021-23017: DNS Resolver off-by-one heap write
vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
989095: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: nginx
Version: 1.18.0-6
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.14.2-2+deb10u3
Control: found -1 1.14.2-2
Hi,
The following vulnerability was published for nginx.
CVE-2021-23017[0]:
| DNS Resolver off-by-one heap write vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-23017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
[1] https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nginx
Source-Version: 1.14.2-2+deb10u4
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
nginx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated nginx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 28 May 2021 10:43:00 +0200
Source: nginx
Architecture: source
Version: 1.14.2-2+deb10u4
Distribution: buster-security
Urgency: medium
Maintainer: Debian Nginx Maintainers
<[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 989095
Changes:
nginx (1.14.2-2+deb10u4) buster-security; urgency=medium
.
* CVE-2021-23017 (Closes: #989095)
Checksums-Sha1:
b9214d993ee43d3b1f23dedf615601c327ec4b06 4181 nginx_1.14.2-2+deb10u4.dsc
1cf503dc53340b93bf936fadb61181e4a665a0ef 933328
nginx_1.14.2-2+deb10u4.debian.tar.xz
64cca9136027c3c14e2d8b118bdff8590f5beef9 23230
nginx_1.14.2-2+deb10u4_amd64.buildinfo
Checksums-Sha256:
c223310ca32cf9ee9fb889e0502643aaef498e314f76fc7bd689fe120d5b1f4e 4181
nginx_1.14.2-2+deb10u4.dsc
dbde3249c0d178c82020e7983573a142aedd59105b9621d326e4f258ff0329d2 933328
nginx_1.14.2-2+deb10u4.debian.tar.xz
292bdcb33cfc5ed7a5d938d477bebc75b13b0d68e37586692ea5cf2dce7f2031 23230
nginx_1.14.2-2+deb10u4_amd64.buildinfo
Files:
721a72dbaa55de3fd655b4ea9557d0d3 4181 httpd optional nginx_1.14.2-2+deb10u4.dsc
b53178d4a81dbe6444dda5b65e4e1f2d 933328 httpd optional
nginx_1.14.2-2+deb10u4.debian.tar.xz
40cef8129cb521c6e807d5b62089e217 23230 httpd optional
nginx_1.14.2-2+deb10u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCwuRQACgkQEMKTtsN8
TjbohxAAkwkRkqN2y2corvCF2cvrkPsZwvIEaWuSbtzrMZT9HYPyyp77xmWBr/lj
PcSutfnfSIws9DbihfvwO3l1CnvVTLe0ln4f0k7aNBeCbsMp9UYrzriZzz+wys9B
BWNqxBNuuAqIl9zqof1byFvq9iHASxBANOhbUbaly1r3UQjJIdRlGDzAuIvrU7ig
Q0+qODqZLmtKHC9Qiu/+LPuKL614x/SNCTHk0rG8PECTKv8elgnkyXorlWYxNtpP
hIQQhzVWE7s98ksd4hQ0RZu0SfgEq+orLVOv+3A0SsNNIPHVZjjcu7cNt4wxX/dx
tLRWh86e1Cgc8kLVJa9rnstzuCir8Kn45cgzL0qqbWUhQob/epLlJeVD7U8og44f
I6E5pD/EZ8MRrSYiu9EvylIlISpbwR1isthI+NEUG28kjJismFOyNyJwgp2733+K
IeD7GrEiP6TZ0oNPAbYoC+jm23Dr/y/bkGCtsFIWxD8s61CxkW/BRUtxtSXHoKQN
19wC7p0acllXCmYwdrbtRVtgggDVGmlESj/Q9YilL1+jKPavoZDwy1lZ3tr7Qga+
A208STiOo4kvsyPsEhwjEpza76Yn0aYc0W21IUt72G/6YokOZoql101srDcYg5YL
3x9o0qdzcqRVjYzXvOh/wUGEtlsi9E4AVtODVEF8aiBhdBTHMA0=
=KuCo
-----END PGP SIGNATURE-----
--- End Message ---
