[Pkg-nginx-maintainers] nginx 1.24.0-2
Jan Mojzis
jan.mojzis at gmail.com
Wed Oct 11 00:20:54 BST 2023
Hi,
updated in d/changelog.
Thanks!
Jan
> On 11. 10. 2023, at 0:40, Thomas Ward <teward at thomas-ward.net> wrote:
>
> I will point out that patch doesnt *fix* the zero-day CVE. It simply adds additional mitigations that according to NGINX developers on nginx-devel are already suitably mitigated with the default config options for keepalive. Might as the Debian security team's opinions on the claim this is actually a *fix* since it isnt...
>
>
>
> Sent from my Galaxy
>
>
>
> -------- Original message --------
> From: Jan Mojzis <jan.mojzis at gmail.com>
> Date: 10/10/23 18:36 (GMT-05:00)
> To: Debian Nginx Maintainers <pkg-nginx-maintainers at alioth-lists.debian.net>
> Cc: Thomas Ward <teward at thomas-ward.net>, Jérémy Lal <kapouer at melix.org>
> Subject: nginx 1.24.0-2
>
> Hi,
>
> I will upload a new version of nginx 1.24.0-2
>
> Important changes:
> - fix CVE-2023-44487 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053770
> - bugfix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039905
> - nginx-dev update:
> - dh-sequence-nginx now detects libnginx-mod-stream module and adds dependencies on libnginx-mod-stream,
> it allows better usage dh-sequence-nginx and tries to fix libnginx-* modules transitions
>
> full changelog:
> https://salsa.debian.org/nginx-team/nginx/-/blob/main/debian/changelog
>
>
> Jan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-nginx-maintainers/attachments/20231011/0b433fb7/attachment-0001.htm>
More information about the Pkg-nginx-maintainers
mailing list