<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>



<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Salvatore Bonaccorso pushed to branch master
at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/c62859c04fe8af47270c6fa2598d05f5b42beddf">c62859c0</a></strong>
<div>
<span>by Salvatore Bonaccorso</span>
<i>at 2019-03-16T08:33:09Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Mark CVE-2018-12029/passenger as unimportant

The nginx module is actually not build and thus the passenger binary
packages built not affected by the issue.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/7fc724ea1427068fdea9085613842992cb579b6a">7fc724ea</a></strong>
<div>
<span>by Salvatore Bonaccorso</span>
<i>at 2019-03-16T08:34:20Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2019-12029: add upstream tag information for fixing commit
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/ad39d5ae49d01cc6684ee2e806d9b1bc968ef331">ad39d5ae</a></strong>
<div>
<span>by Salvatore Bonaccorso</span>
<i>at 2019-03-16T08:34:39Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add related commits to CVE-2019-12029

Upstream included 9ed61bb4641b ("Ruby code: use {f,l}{chmod,chown} where
possible to protect against symlink attacks") in the 5.3.2 release which
can be seen as hardening which relates to the nginx module issue.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d5e815a3d33d95e8d705dd18d89af017014d94ac">d5e815a3</a></strong>
<div>
<span>by Salvatore Bonaccorso</span>
<i>at 2019-03-16T08:37:33Z</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Merge remote-tracking branch 'origin/master'
</pre>
</li>
</ul>
<h4>1 changed file:</h4>
<ul>
<li class="file-stats">
<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">
data/CVE/list
</a>
</li>
</ul>
<h4>Changes:</h4>
<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/fef205e9fb44448104ac66b45a0ce15018e91608...d5e815a3d33d95e8d705dd18d89af017014d94ac#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>
<hr>
No preview for this file type
<br>
</li>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">

<br>
<a href="https://salsa.debian.org/security-tracker-team/security-tracker/compare/fef205e9fb44448104ac66b45a0ce15018e91608...d5e815a3d33d95e8d705dd18d89af017014d94ac">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.

</p>
</div>
</body>
</html>