Marked as Fix Released as sync of 1.2.0.-1 from Debian to Quantal is
complete.
** Changed in: nginx (Ubuntu)
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
sbeattie already addressed that on IRC. I am working on fixing them.
Also note that I did not include change logs per previous SRU
occurrences where I was told to omit the change log when possible.
The changes to git related items are unintended, as I did not modify
them. I can add an exclude
Possibly. I will modify my system to correctly allow for the changelog to
be included. I will be adding an exclude rule for the git items you
mentioned, those shouldn't be changed, and that may have happened by pure
accident when my system was building the package.
--
Thomas
On Thu, May 31,
*** This bug is a duplicate of bug 970638 ***
https://bugs.launchpad.net/bugs/970638
** This bug has been marked a duplicate of bug 970638
killall can't kill processes with fairly long names (Ubuntu 12.04)
--
You received this bug notification because you are a member of Ubuntu
Bugs,
** Summary changed:
- Typo in package description: s/it's/its/
+ Typo in nginx-light package description
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1000940
Title:
Typo in nginx-light package
Confirmed in Quantal.
Fix exists in Debian.
** Changed in: nginx (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1000940
Title:
Typo in nginx-light package
Re: no longer affects debian: Fix exists in Debian: 1.2.0-1 has correct
spelling and grammar.
** Also affects: nginx (Debian)
Importance: Undecided
Status: New
** No longer affects: nginx (Debian)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
** Changed in: nginx (Ubuntu Precise)
Assignee: Michael Lustfield (michaellustfield) = Thomas Ward
(trekcaptainusa-tw)
** Changed in: nginx (Ubuntu Oneiric)
Assignee: Michael Lustfield (michaellustfield) = Thomas Ward
(trekcaptainusa-tw)
** Changed in: nginx (Ubuntu Natty
** Changed in: nginx (Ubuntu Lucid)
Assignee: Michael Lustfield (michaellustfield) = Thomas Ward
(trekcaptainusa-tw)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/956150
Title:
March 15th
I am checking upstream now, to see if this functionality was removed.
However, I have tested this myself with stock Firefox as exists in
Ubuntu, and your bug does not exist.
Are you using any strange addons or the likes which affects bookmarks?
--
You received this bug notification because you
Secondary question (posed after i poked upstream devs):
Are you rearranging in the menus, or using the Bookmarks Manager (to
manually drag/drop/sort within every bookmarks folder)?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Marking as Incomplete as the functionality is listed upstream with
manual drag-and-drop (ignore comment 11). Also since it cannot be
confirmed, this should be marked as Incomplete given a lack of
specific information regarding the setup and use case in the OP's
environment.
** Changed in:
** Changed in: nginx (Ubuntu Maverick)
Assignee: Michael Lustfield (michaellustfield) = Thomas Ward
(trekcaptainusa-tw)
** Changed in: nginx (Ubuntu)
Assignee: Michael Lustfield (michaellustfield) = Thomas Ward
(trekcaptainusa-tw)
--
You received this bug notification because you
Debdiff for Lucid that includes fixes for the following CVEs:
CVE-2011-4315
CVE-2012-1180
--
Fixes not included for CVE-2009-4487, as it is being ignored upstream,
and should accordingly be ignored in Ubuntu.
** Attachment added: Debdiff for Lucid (includes patches for the upstream code
Debdiff for Natty that includes fixes for the following CVEs:
CVE-2011-4315
CVE-2012-1180
--
Fixes not included for CVE-2009-4487, as it is being ignored upstream,
and should accordingly be ignored in Ubuntu.
** Attachment added: Debdiff for Natty (includes patches for the upstream code
Debdiff for Oneiric that includes fixes for the following CVEs:
CVE-2011-4315
CVE-2012-1180
--
Fixes not included for CVE-2009-4487, as it is being ignored upstream,
and should accordingly be ignored in Ubuntu.
** Attachment added: Debdiff for Oneiric (includes patches for the upstream
code
The following CVEs do not apply to Precise or Quantal, as the versions
in Precise and Quantal already contain upstream code changes which fixed
these CVEs:
CVE-2011-4315
CVE-2012-1180
--
The following CVE should be marked as 'Ignored' or similar for Ubuntu,
as this CVE is being ignored
Public bug reported:
Debian Unstable has nginx 1.4.5-1, which is the latest upstream stable
release. I would like 1.4.5-1 to be included in Trusty before feature
freeze. Not only is it the latest upstream stable release it fixes
other bugs in Debian.
Also, according to mdeslaur, when I asked
Seth,
I'll take a poke at this, in a little while, I have to spin up a 13.10
VM for testing.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1295892
Title:
nginx upgrade failed
To manage
Seth, I was unable to replicate this using the default configurations,
are you running any other webservers on your system, or have any special
listen statements in your configs?
(This seems like a configuration problem on your setup rather than
globally)
** Changed in: nginx (Ubuntu)
Public bug reported:
In the default sites-available configuration file, it is ambiguous which
line to use for PHP files in a proxy_pass.
It also uses an incorrect configuration line for the PHP files. It may
need modified to adapt for this so that php5-fpm+nginx setups work out
of the box on
Sarah,
We're working on adding an 'nginx-core' package added that builds all
the modules that ship with the nginx source tarball. The other problem
is the optional Lua module in the universe package that we have to
figure out how to work with. It doesn't work with Lua 5.2 and that is
blocking
an extensive
security history and this MIR requires an detailed security review.
A recently discovered vulnerability was CVE-2013-4547. This was
addressed in Debian within a couple of days (http://bugs.debian.org
/cgi-bin/bugreport.cgi?bug=730012) and Thomas Ward took care
Lua module's upstream people have suggested either static-link against
Lua 5.1, which still doesn't solve this problem, or to use
libluajit-5.1-dev (2.0.2+) as the dependency.
This *does* build with libluajit-5.1-dev. However, that is still in
Universe as well, and would need Main inclusion in
I guess that remains the most sane solution, drop the Lua module and
dependency, and leave it out of the package in Ubuntu. I'll add the
drop the Lua module changes to my debdiff after work today and drop
the debdiff here for review.
Note that this MIR also needs a FFe since FeatureFreeze is
Valentin, regarding your comment in comment 7 about things being fixed
in mainline, that fix won't hit Ubuntu until Debian has mainline. As
of right now, I don't think they're switching to the mainline branch
yet.
To all: We're going to drop the Lua module from nginx-extras for the
MIR. If you
Attached is a possible debdiff that can be used to do following for this MIR:
(1) Adds an nginx-core package which contains only the modules that are shipped
with the nginx upstream source.
(2) Removes the Lua module from nginx-extras (because the liblua5.1-dev
build-dependency is not permitted
Public bug reported:
As part of the process of getting the nginx MIR handled, I'd love to see
the latest stable release of nginx in Trusty before the MIR is
completed.
This needs an FFe, and I've already poked infinity in #ubuntu-release
and handed them a debdiff of Debian 1.4.5-1 to Debian
** Patch removed: Potential full debdiff for the MIR
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1262710/+attachment/4015030/+files/NGINX_trusty_MIR.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thanks to Adam Conrad, NGINX 1.4.6 is now in Trusty (see
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1290063 )
I'll rebase my debdiff off 1.4.6 instead, as soon as I get to stable
internet again. (this might be tomorrow :/)
--
You received this bug notification because you are a
Attached is a debdiff for this MIR based off of 1.4.6 which Adam Conrad
merged into Ubuntu.
Whomever needs to review this, please review. Thanks.
** Patch added: nginx-1.4.6 debdiff for the MIR
This debdiff here contains typos that sarnold found, and is in response
to this:
sarnold teward: hey :) nice debdiff, thanks; there is an UNRELEASED in the
changelog, and 'nginx-extra' typo in the Description: field for the nginx-core
package. otherwise it looks good to me. Thanks for taking
I meant it contains fixes for typos.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1262710
Title:
[MIR] nginx
To manage notifications about this bug go to:
What version were you upgrading from?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1295892
Title:
nginx upgrade failed
To manage notifications about this bug go to:
** Changed in: nginx (Ubuntu)
Status: New = Confirmed
** Changed in: nginx (Ubuntu)
Assignee: (unassigned) = Thomas Ward (teward)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1315426
** Bug watch added: Debian Bug tracker #747025
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747025
** Also affects: nginx (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747025
Importance: Unknown
Status: Unknown
** Changed in: nginx (Ubuntu)
Status:
Attached is a debdiff for consideration on this bug. The patch needed
some very minor modifications to apply, but it's still all of upstream's
patch, nothing else.
** Patch added: Trusty debdiff for this bug
This bug is missing the standard SRU template, please keep this in mind
when working on this bug from this point forward. For an SRU it will
need the template filled in. The template can be found at
https://wiki.ubuntu.com/StableReleaseUpdates#SRU_Bug_Template
--
You received this bug
Correct me if I'm wrong, but doesn't this bug affect OpenSSL? The
Security team released a fix for this in OpenSSL.
I will check to see if it's statically linked, but the last I checked it
was not. I haven't recently checked this though.
--
You received this bug notification because you are a
Refer to USN-2165-1 for the OpenSSL notice on this vulnerability, and
about it being fixed. This applies to libssl as well.
I am almost certain nginx doesn't static-link to libssl. Again, I'll
double check this.
--
You received this bug notification because you are a member of Ubuntu
Bugs,
*** This bug is a security vulnerability ***
Public security bug reported:
This is CVE-2014-0133.
This is Debian Bug 742059.
--
This was the nginx announcement of this issue:
Hello!
A bug in the experimental SPDY implementation in nginx was found, which
might allow an attacker to cause
Key thing to check is if all binaries build with the --with-debug
option. If they all build with it, then we are not vulnerable.
(according to the Debian people)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
As with Debian, we are not affected by this bug, as we build with the
--with-debug option on all binaries, and it's up to the security team if
they want to sponsor the patch in, since we're not affected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
I've attached a debdiff for Saucy.
** Patch added: CVE-2014-0133 Debdiff for Saucy
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1294280/+attachment/4031514/+files/cve-2014-0133_saucy.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
I spoke to sarnold on IRC briefly last night. They said they might
support a separate upstream-only binary or an added build that has
only upstream modules shipped with nginx.
I'll take a look tomorrow and see what I can do to accommodate this.
However, it stands to be noted that most users
An upstream commit has been made addressing this issue.
Refer to
http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx
for the fix.
I'll check if the other versions of nginx not listed here are affected
later, after work.
--
You received this bug notification
*** This bug is a security vulnerability ***
Public security bug reported:
A security vulnerability was found in the nginx package. All versions
in Lucid, Precise, Trusty, and Utopic are affected.
--
This is the email that went out in the nginx security advisories list
regarding this
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3616
** Changed in: nginx (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1370478
Title:
Ubuntu 13.10 is no longer supported, and as such I am marking this
Won't Fix.
** Changed in: bitcoin (Ubuntu)
Status: New = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1307715
This package was removed from 12.04 and replaced with a dummy package.
As such, this software has been removed from all later versions of
Ubuntu. I am marking it won't fix as such.
** Changed in: bitcoin (Ubuntu)
Status: Confirmed = Won't Fix
--
You received this bug notification
Please refer to
https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1314616 for why
this is marked Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1170915
Title:
bitcoind in 12.04 LTS is
This package was 'removed' from 12.04 and replaced with a dummy package.
As such, this software has been removed from all later versions of
Ubuntu. I am marking it won't fix as such.
Refer to https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1314616
if you have questions on this.
** Changed
I'm attaching the patch I wrote for this.
As this patch is ultimately going to repair a problem introduced by a
security fix, by forcing php5-fpm to force a specific user/group to be
the owner:group settings for the fpm socket, I would like the Security
Team to review the change preliminarily,
Nomination added for krb5 for Trusty per an email thread to bugcontrol.
It added for gcc as well but the email chain points to a SRU fix for
krb5 and not the compiler at this time.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Public bug reported:
*** NOTE: This only affects Precise based on my testing. ***
A security change to make the FPM listener have permissions 0660 has
introduced an issue in Precise with how the socket is created. While
this was resolved in later versions as part of Bug #1334337 (including
in
.
** Also affects: nginx (Ubuntu)
Importance: Undecided
Status: New
** Changed in: nginx
Assignee: (unassigned) = Thomas Ward (teward)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1383379
In discussion with mdeslaur on IRC, I'm attaching DebDiffs for Ubuntu in
the off chance the release team wishes to push these changes.
A few extra details as to why this is extremely relevant to being pushed
and updated: A lot of newbie users that we see in the NGINX IRC channel
for support end
** Patch added: Precise Debdiff for Ubuntu
https://bugs.launchpad.net/nginx/+bug/1383379/+attachment/4241830/+files/nginx_sslv3_remove_debdiff_precise.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: Trusty Debdiff for Ubuntu
https://bugs.launchpad.net/nginx/+bug/1383379/+attachment/4241832/+files/nginx_sslv3_remove_debdiff_trusty.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
NOTE: I didn't know where to target this for Utopic, so I just targeted
it to 'utopic'. Please change that if it is not valid.
** Patch added: Utopic Debdiff for Ubuntu
https://bugs.launchpad.net/nginx/+bug/1383379/+attachment/4241835/+files/nginx_sslv3_remove_debdiff_utopic.debdiff
**
(nginx project)
Updated packages uploaded to the staging PPA, pending building.
** Changed in: nginx
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1383379
** Changed in: nginx
Status: Triaged = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1216817
Title:
Using `fastcgi_cache` or `proxy_cache` with nginx-extras causes the
push
There is not enough information in this report to actually say whether
this is a bug or not. As such, unless more information is provided, I'm
marking this as Incomplete.
** Changed in: usb-modeswitch (Ubuntu)
Status: New = Incomplete
--
You received this bug notification because you
Fixed a couple typos and missing elements in the debdiff, apologies for
the noise.
** Patch added: Debdiff for NGINX, version 1.6.2-4ubuntu1 to 1.6.2-5ubuntu1
** Patch removed: Debdiff for NGINX, version 1.6.2-4ubuntu1 to 1.6.2-5ubuntu1
https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1399967/+attachment/4275392/+files/merge_debdiff-nginx_1.6.2-4ubuntu1-nginx_1.6.2-5ubuntu1.debdiff
--
You received this bug notification because you are a member
.
** Affects: wireshark (Ubuntu)
Importance: High
Assignee: Thomas Ward (teward)
Status: In Progress
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2392
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-2393
** CVE added: http
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-6053
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-6058
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-6059
** CVE added: http://www.cve.mitre.org/cgi-
Further discussion with mdeslaur on IRC and messages on
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1401314 from
Evan have come up with a potential course of action, as follows: (Note
the other bug there will be duped to this one).
(1) For Precise, we will work off of 1.6.16 as a
*** This bug is a duplicate of bug 1397091 ***
https://bugs.launchpad.net/bugs/1397091
** This bug has been marked a duplicate of bug 1397091
[Security] Update Wireshark in Precise, Trusty, and Utopic to include
relevant security patches.
--
You received this bug notification because
** Changed in: wireshark (Ubuntu Precise)
Importance: Undecided = High
** Changed in: wireshark (Ubuntu Precise)
Status: New = In Progress
** Changed in: wireshark (Ubuntu Precise)
Assignee: (unassigned) = Thomas Ward (teward)
** Changed in: wireshark (Ubuntu Trusty
in: wireshark (Ubuntu Utopic)
Assignee: Thomas Ward (teward) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1397091
Title:
[Security] Update Wireshark in Precise, Trusty, and Utopic to include
Utopic debdiff attached - set back to Confirmed and unassigned for
Utopic.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1397091
Title:
[Security] Update Wireshark in Precise, Trusty, and Utopic to
** Patch removed: Utopic Debdiff: 1.12.0+git+4fab41a1-1 to 1.12.1+g01b65bf-2
(Utopic debian/ + 1.12.2 patches)
https://bugs.launchpad.net/ubuntu/precise/+source/wireshark/+bug/1397091/+attachment/4279080/+files/utopic_debdiff_1.12.0-Utopic_1.12.1-Vivid.debdiff
--
You received this bug
Debdiff updated per Marc's request on IRC. Additional changes outlined
in debian/changelog entry (some additional changes from Vivid were
needed).
** Patch added: Utopic Debdiff: 1.12.0+git+4fab41a1-1 to 1.12.1+g01b65bf-2
(Utopic debian/ + 1.12.2 patches and some Vivid changes)
It sounds to me like your repositories aren't fully updated - can you
run an 'apt-get update' and try again? I've just checked the
repositories, and all the NGINX packages in Trusty are -3ubuntu1 if you
have -updates and/or -security enabled.
** Changed in: nginx (Ubuntu)
Status: New =
No problem, thanks for checking!
** Changed in: nginx (Ubuntu)
Status: Incomplete = Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1402137
Title:
nginx-full
To manage notifications
*** This bug is a security vulnerability ***
Public security bug reported:
The BREACH vulnerability (http://breachattack.com/) is not mitigated in
the default nginx.conf configuration file.
Details on the BREACH vulnerability are available at the link above.
HTTP level compression served over a
** Bug watch added: Debian Bug tracker #773332
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332
** Also affects: nginx (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773332
Importance: Unknown
Status: Unknown
--
You received this bug notification because
** Changed in: nginx
Importance: Undecided = High
** Changed in: nginx
Importance: High = Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1403283
Title:
[Security] BREACH vulnerability
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-3587
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1403283
Title:
[Security] BREACH vulnerability is not mitigated in default
Public bug reported:
I'm not entirely certain if this is a bug, but this had never happened
in Precise.
When you use the SSL mod (`a2enmod ssl`) and then install the libapache2
-mod-gnutls package (the gnutls mod), Apache will no longer start,
stating the following error:
(98)Address already in
** Changed in: mod-gnutls (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1311407
Title:
After installation, an Apache instance with `ssl` mod enabled will
If after the PPAs are updated, this still applies, comment on the bug.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1313224
Title:
Outdated naxsi version, incorrect learning tools included in
This bug was misfiled, this is an issue with the PPAs.
The PPAs are behind because I haven't had a chance to update the PPAs
yet. I'll see if I can get to it tomorrow.
** Changed in: nginx (Ubuntu)
Status: New = Invalid
** Also affects: nginx
Importance: Undecided
Status: New
Last I checked, Debian is ahead of the PPAs and Ubuntu. It may be
possible they already updated the naxsi version already.
If that is not the case I'll forward this bug to Debian.
Thomas
LP: ~teward
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
** Tags added: stable-ppa
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1313224
Title:
Outdated naxsi version, incorrect learning tools included in packages
To manage notifications about this bug
, I'll
forward this bug to Debian.
** Changed in: nginx
Status: New = Incomplete
** Changed in: nginx
Assignee: (unassigned) = Thomas Ward (teward)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net
** Changed in: nginx (Ubuntu)
Status: New = Invalid
** Changed in: nginx
Status: Incomplete = New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1313224
Title:
Outdated naxsi version,
Bug forwarded to Debian, as it also needs fixing there. I've linked to
the Debian bug here on the Launchpad system, so the Debian status will
be seen here as well.
** Bug watch added: Debian Bug tracker #746199
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746199
** Also affects: nginx
** No longer affects: nginx (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1313224
Title:
Outdated naxsi version, incorrect learning tools included in packages
To manage notifications
** Changed in: nginx
Status: New = Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1313224
Title:
Outdated naxsi version, incorrect learning tools included in packages
To manage
*** This bug is a security vulnerability ***
Public security bug reported:
In discussion with the Security team yesterday (November 26, 2014) in
#ubuntu-hardened on IRC, I began digging through the list of Wireshark
CVEs, attempting to correct the tracker and get the CVE statuses updated
to
** Patch added: Utopic Debdiff: 1.12.0+git+4fab41a1-1 to
1.12.1+g01b65bf-2~14.10.1
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1397091/+attachment/4269830/+files/utopic_wireshark_1.12.0%2Bgit%2B4fab41a1-1_1.12.1%2Bg01b65bf-2%7E14.10.1.debdiff
--
You received this bug
This debdiff is compressed in a .tar.gz. Uncompressed, the diff is
about 172MB in size.
** Summary changed:
- [Security] Update Wireshark in all repositories to 1.12.1 from Vivid, please.
+ [Security] Update Wireshark in all repositories to 1.12.1+g01b65bf-2 (from
Vivid)
** Summary changed:
** Patch added: Trusty Debdiff: 1.10.6-1 to 1.12.1+g01b65bf-2~14.04.1
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1397091/+attachment/4269829/+files/trusty_wireshark_1.10.6-1_1.12.1%2Bg01b65bf-2%7E14.04.1.debdiff
--
You received this bug notification because you are a member of
** Attachment added: Precise Debdiff: 1.6.7-1 to 1.12.1+g01b65bf-2~12.04.1
https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/1397091/+attachment/4269841/+files/precise_wireshark_1.6.7-1_1.12.1%2Bg01b65bf-2%7E12.04.1.debdiff.gz
--
You received this bug notification because you are a
** Description changed:
In discussion with the Security team yesterday (November 26, 2014) in
#ubuntu-hardened on IRC, I began digging through the list of Wireshark
CVEs, attempting to correct the tracker and get the CVE statuses updated
to reflect what actually does affect the versions
Evan,
The idea I had, and the Security team seemed to suggest, was to make the
update uniform - that is, the version across the releases would be
identical, hence three debdiffs based on the same packaging in Vivid.
I'll leave it to the Security team to decide if they don't want to do
this for
After emailing with Evan, I believe there are a few things that are not
as obvious that need to be looked at prior to this bug being processed.
A big major point to consider is that there are companies that have
their own protocol plugins in Wireshark, and they are dependent on the
API. It looks
Marc:
That's an option, of course, and I'd be happy to start doing that, the
issue is going to be with Precise being on an unsupported release for
which fixes aren't backported into anymore (whereas in 1.10 for Trusty,
there's already fix backports upstream, based on what I'm able to tell
so far.
601 - 700 of 2325 matches
Mail list logo