[Pkg-nginx-maintainers] nginx 1.24.0-2
Thomas Ward
teward at thomas-ward.net
Tue Oct 10 23:40:51 BST 2023
I will point out that patch doesn't *fix* the zero-day CVE. It simply adds additional mitigations that according to NGINX developers on nginx-devel are already suitably mitigated with the default config options for keepalive. Might ask the Debian security team's opinions on the claim this is actually a *fix* since it isn't...
-------- Original message --------
From: Jan Mojzis <jan.mojzis at gmail.com>
Date: 10/10/23 18:36 (GMT-05:00)
To: Debian Nginx Maintainers <pkg-nginx-maintainers at alioth-lists.debian.net>
Cc: Thomas Ward <teward at thomas-ward.net>, Jérémy Lal <kapouer at melix.org>
Subject: nginx 1.24.0-2
Hi,
I will upload a new version of nginx 1.24.0-2
Important changes:
- fix CVE-2023-44487 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053770
- bugfix https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039905
- nginx-dev update:
  - dh-sequence-nginx now detects libnginx-mod-stream module and adds dependencies on libnginx-mod-stream,
    it allows better usage of dh-sequence-nginx and tries to fix libnginx-* modules transitions
full changelog:
https://salsa.debian.org/nginx-team/nginx/-/blob/main/debian/changelog
Jan