Bug#913090: marked as done (nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845)
Your message dated Sat, 10 Nov 2018 11:17:21 + with message-id and subject line Bug#913090: fixed in nginx 1.10.3-1+deb9u2 has caused the Debian Bug report #913090, regarding nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 913090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: nginx Version: 1.10.3-1 Severity: important Tags: security upstream Control: found -1 1.10.3-1+deb9u1 Control: found -1 1.14.0-1 Hi, The following vulnerabilities were published for nginx. CVE-2018-16843[0]: Excessive memory usage in HTTP/2 CVE-2018-16844[1]: Excessive CPU usage in HTTP/2 CVE-2018-16845[2]: Memory disclosure in the ngx_http_mp4_module If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-16843 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843 [1] https://security-tracker.debian.org/tracker/CVE-2018-16844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844 [2] https://security-tracker.debian.org/tracker/CVE-2018-16845 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845 Regards, Salvatore --- End Message --- --- Begin Message --- Source: nginx Source-Version: 1.10.3-1+deb9u2 We believe that the bug you reported is fixed in the latest version of nginx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 913...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christos Trochalakis (supplier of updated nginx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 07 Nov 2018 07:40:42 +0200 Source: nginx Binary: nginx nginx-doc nginx-common nginx-full nginx-light nginx-extras libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-http-perl libnginx-mod-http-auth-pam libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-nchan libnginx-mod-http-echo libnginx-mod-http-upstream-fair libnginx-mod-http-headers-more-filter libnginx-mod-http-cache-purge libnginx-mod-http-fancyindex libnginx-mod-http-uploadprogress libnginx-mod-http-subs-filter libnginx-mod-http-dav-ext Architecture: source Version: 1.10.3-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Nginx Maintainers Changed-By: Christos Trochalakis Description: libnginx-mod-http-auth-pam - PAM authentication module for Nginx libnginx-mod-http-cache-purge - Purge content from Nginx caches libnginx-mod-http-dav-ext - WebDAV missing commands support for Nginx libnginx-mod-http-echo - Bring echo and more shell style goodies to Nginx libnginx-mod-http-fancyindex - Fancy indexes module for the Nginx libnginx-mod-http-geoip - GeoIP HTTP module for Nginx libnginx-mod-http-headers-more-filter - Set and clear input and output headers for Nginx libnginx-mod-http-image-filter - HTTP image filter module for Nginx libnginx-mod-http-lua - Lua module for Nginx libnginx-mod-http-ndk - Nginx Development Kit module libnginx-mod-http-perl - Perl module for Nginx libnginx-mod-http-subs-filter - Substitution filter module for Nginx libnginx-mod-http-uploadprogress - Upload progress system for Nginx libnginx-mod-http-upstream-fair - Nginx Upstream Fair Proxy Load Balancer libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx libnginx-mod-mail - Mail module for Nginx libnginx-mod-nchan - Fast, flexible pub/sub server for Nginx libnginx-mod-stream - Stream module for Nginx nginx - small, powerful, scalable web/proxy server nginx-common - small, powerful, scalable web/proxy server - common files nginx-doc - small, powerful, scalable web/proxy server - documentation nginx-extras - nginx web/proxy server (extended version) nginx-full - nginx web/proxy server (standard version) nginx-light - nginx web/proxy server (basic version) Closes: 913090 Changes: nginx (1.10.3-1+deb9u2)
Bug#913090: marked as done (nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845)
Your message dated Wed, 07 Nov 2018 07:04:04 + with message-id and subject line Bug#913090: fixed in nginx 1.14.1-1 has caused the Debian Bug report #913090, regarding nginx: CVE-2018-16843 CVE-2018-16844 CVE-2018-16845 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 913090: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: nginx Version: 1.10.3-1 Severity: important Tags: security upstream Control: found -1 1.10.3-1+deb9u1 Control: found -1 1.14.0-1 Hi, The following vulnerabilities were published for nginx. CVE-2018-16843[0]: Excessive memory usage in HTTP/2 CVE-2018-16844[1]: Excessive CPU usage in HTTP/2 CVE-2018-16845[2]: Memory disclosure in the ngx_http_mp4_module If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-16843 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843 [1] https://security-tracker.debian.org/tracker/CVE-2018-16844 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844 [2] https://security-tracker.debian.org/tracker/CVE-2018-16845 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845 Regards, Salvatore --- End Message --- --- Begin Message --- Source: nginx Source-Version: 1.14.1-1 We believe that the bug you reported is fixed in the latest version of nginx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 913...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christos Trochalakis (supplier of updated nginx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 07 Nov 2018 07:16:00 +0200 Source: nginx Binary: nginx nginx-doc nginx-common nginx-full nginx-light nginx-extras libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-http-perl libnginx-mod-http-auth-pam libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-nchan libnginx-mod-http-echo libnginx-mod-http-upstream-fair libnginx-mod-http-headers-more-filter libnginx-mod-http-cache-purge libnginx-mod-http-fancyindex libnginx-mod-http-uploadprogress libnginx-mod-http-subs-filter libnginx-mod-http-dav-ext libnginx-mod-rtmp Architecture: source Version: 1.14.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Nginx Maintainers Changed-By: Christos Trochalakis Description: libnginx-mod-http-auth-pam - PAM authentication module for Nginx libnginx-mod-http-cache-purge - Purge content from Nginx caches libnginx-mod-http-dav-ext - WebDAV missing commands support for Nginx libnginx-mod-http-echo - Bring echo and more shell style goodies to Nginx libnginx-mod-http-fancyindex - Fancy indexes module for the Nginx libnginx-mod-http-geoip - GeoIP HTTP module for Nginx libnginx-mod-http-headers-more-filter - Set and clear input and output headers for Nginx libnginx-mod-http-image-filter - HTTP image filter module for Nginx libnginx-mod-http-lua - Lua module for Nginx libnginx-mod-http-ndk - Nginx Development Kit module libnginx-mod-http-perl - Perl module for Nginx libnginx-mod-http-subs-filter - Substitution filter module for Nginx libnginx-mod-http-uploadprogress - Upload progress system for Nginx libnginx-mod-http-upstream-fair - Nginx Upstream Fair Proxy Load Balancer libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx libnginx-mod-mail - Mail module for Nginx libnginx-mod-nchan - Fast, flexible pub/sub server for Nginx libnginx-mod-rtmp - RTMP support for Nginx libnginx-mod-stream - Stream module for Nginx nginx - small, powerful, scalable web/proxy server nginx-common - small, powerful, scalable web/proxy server - common files nginx-doc - small, powerful, scalable web/proxy server - documentation nginx-extras - nginx web/proxy server (extended version) nginx-full - nginx web/proxy server (standard version) nginx-light - nginx web/proxy server (basic version) Closes: 913090 Changes: nginx