Discussion:
Bug#948650: stretch-pu: package nginx/1.10.3-1+deb9u3
(too old to reply)
Christos Trochalakis
2020-01-11 10:30:01 UTC
Permalink
Package: release.debian.org
Severity: normal
Tags: stretch
User: ***@packages.debian.org
Usertags: pu

Hello,

I'd like to upload nginx 1.10.3-1+deb9u4, addressing the non-critical
CVE-2019-20372.

Attaching a debdiff.

[0] https://security-tracker.debian.org/tracker/CVE-2019-20372
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579

-- System Information:
Debian Release: 10.2
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable'), (4, 'unstable'), (2, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Adam D. Barratt
2020-01-20 22:50:02 UTC
Permalink
Control: tags -1 + confirmed
Post by Christos Trochalakis
I'd like to upload nginx 1.10.3-1+deb9u4, addressing the non-critical
CVE-2019-20372.
Please go ahead, thanks.

Regards,

Adam
Adam D. Barratt
2020-03-30 21:10:01 UTC
Permalink
Post by Adam D. Barratt
Control: tags -1 + confirmed
Post by Christos Trochalakis
I'd like to upload nginx 1.10.3-1+deb9u4, addressing the non-
critical
CVE-2019-20372.
Please go ahead, thanks.
Ping?

Regards,

Adam
Adam D. Barratt
2020-06-20 19:30:02 UTC
Permalink
Post by Adam D. Barratt
Post by Adam D. Barratt
Control: tags -1 + confirmed
Post by Christos Trochalakis
I'd like to upload nginx 1.10.3-1+deb9u4, addressing the non-
critical
CVE-2019-20372.
Please go ahead, thanks.
Ping?
As a note, we're now planning for the final point release for stretch
before it moves to LTS. Is this update still something of interest?

Regards,

Adam
Adrian Bunk
2020-07-08 10:50:01 UTC
Permalink
Post by Adam D. Barratt
Post by Adam D. Barratt
Post by Adam D. Barratt
Control: tags -1 + confirmed
Post by Christos Trochalakis
I'd like to upload nginx 1.10.3-1+deb9u4, addressing the non-
critical
CVE-2019-20372.
Please go ahead, thanks.
Ping?
As a note, we're now planning for the final point release for stretch
before it moves to LTS. Is this update still something of interest?
I have uploaded the package to DELAYED/2.
Feel free to cancel if anyone disagrees.
Post by Adam D. Barratt
Regards,
Adam
cu
Adrian
Adam D Barratt
2020-07-10 17:00:02 UTC
Permalink
package release.debian.org
tags 948650 = stretch pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch.

Thanks for your contribution!

Upload details
==============

Package: nginx
Version: 1.10.3-1+deb9u4

Explanation: fix error page request smuggling vulnerability [CVE-2019-20372]
Loading...