Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution

View: New views

4 Messages — Rating Filter: Alert me

	Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution by Jean Christophe André-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there! Nico Golde a écrit : > For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2. There is some serious dependency problem forbidding the upgrade: www:~# LANG= apt-cache show nginx Architecture: i386 Version: 0.6.32-3+lenny2 Depends: libc6 (>= 2.3.4), libpcre3 (>= 7.7), libssl0.9.8 (>= 0.9.8f-5), zlib1g (>= 1:1.1.4) www:~# LANG= apt-cache policy libpcre3 libpcre3: Installed: 7.6-2.1 Candidate: 7.6-2.1 Version table: *** 7.6-2.1 0 Did I miss something? - -- Jean Christophe "プログフ" ANDRÉ — ✧ — Responsable technique régional Bureau Asie-Pacifique (BAP) — ✧ — http://www.asie-pacifique.auf.org/ Agence universitaire de la Francophonie (AuF) — ✧ — http://www.auf.org/ Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam Tél. : +84 4 9331108 ✦ Fax : +84 4 8247383 ✦ Cellul. : +84 91 3248747 ⎧ Note personnelle: merci d'éviter de m'envoyer des fichiers PowerPoint ⎫ ⎩ ou Word, cf http://www.gnu.org/philosophy/no-word-attachments.fr.html ⎭ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqudjwACgkQc1sEQyt633en2QCcCSdOolvVIOUKAEBPpHHW1xJ7 hEUAoJEXxBZOeCIs9uRgGm7A6QMNg/JI =JP3R -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...
	Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution by Nico Golde-9 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, * Jean Christophe André <jean-christophe.andre@...> [2009-09-14 20:35]: > Nico Golde a Ã©crit : > > For the stable distribution (lenny), this problem has been fixed in > version 0.6.32-3+lenny2. > There is some serious dependency problem forbidding the upgrade: > > www:~# LANG= apt-cache show nginx > Architecture: i386 > Version: 0.6.32-3+lenny2 > Depends: libc6 (>= 2.3.4), libpcre3 (>= 7.7), libssl0.9.8 (>= 0.9.8f-5), > zlib1g > (>= 1:1.1.4) > > www:~# LANG= apt-cache policy libpcre3 > libpcre3: > Installed: 7.6-2.1 > Candidate: 7.6-2.1 > Version table: > * 7.6-2.1 0 > > Did I miss something? There was a problem with the build chroot I didn't notice when installing the test packages. I pinged a member of the release team to schedule a binNMU. Thanks for the heads-up! Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@... - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted. attachment0** (204 bytes) Download Attachment
	Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution by Nico Golde-9 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, * Nico Golde <debian-security+ml@...> [2009-09-14 22:53]: > * Jean Christophe André <jean-christophe.andre@...> [2009-09-14 20:35]: > > Nico Golde a Ã©crit : > > > For the stable distribution (lenny), this problem has been fixed in > > version 0.6.32-3+lenny2. > > There is some serious dependency problem forbidding the upgrade: > > > > www:~# LANG= apt-cache show nginx > > Architecture: i386 > > Version: 0.6.32-3+lenny2 > > Depends: libc6 (>= 2.3.4), libpcre3 (>= 7.7), libssl0.9.8 (>= 0.9.8f-5), > > zlib1g > > (>= 1:1.1.4) > > > > www:~# LANG= apt-cache policy libpcre3 > > libpcre3: > > Installed: 7.6-2.1 > > Candidate: 7.6-2.1 > > Version table: > > * 7.6-2.1 0 > > > > Did I miss something? > > There was a problem with the build chroot I didn't notice > when installing the test packages. I pinged a member of the > release team to schedule a binNMU. Thanks for the heads-up! Fixed, use 0.6.32-3+lenny2+b1. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@... - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted. attachment0** (204 bytes) Download Attachment
	Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution by Jean Christophe André-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, Nico Golde a écrit : > * Nico Golde <debian-security+ml@...> [2009-09-14 22:53]: > >> * Jean Christophe André <jean-christophe.andre@...> [2009-09-14 20:35]: >> >>> There is some serious dependency problem forbidding the upgrade: >>> [...] >>> >> There was a problem with the build chroot I didn't notice >> when installing the test packages. I pinged a member of the >> release team to schedule a binNMU. Thanks for the heads-up! >> > Fixed, use 0.6.32-3+lenny2+b1. > Confirmed working. Thanks! Cheers, J.C. -- Jean Christophe "プログフ" ANDRÉ — ✧ — Responsable technique régional Bureau Asie-Pacifique (BAP) — ✧ — http://www.asie-pacifique.auf.org/ Agence universitaire de la Francophonie (AuF) — ✧ — http://www.auf.org/ Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam Tél. : +84 4 9331108 ✦ Fax : +84 4 8247383 ✦ Cellul. : +84 91 3248747 ⎧ Note personnelle: merci d'éviter de m'envoyer des fichiers PowerPoint ⎫ ⎩ ou Word, cf http://www.gnu.org/philosophy/no-word-attachments.fr.html ⎭ -- To UNSUBSCRIBE, email to debian-security-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...

	Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution by Jean Christophe André-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there! Nico Golde a écrit : > For the stable distribution (lenny), this problem has been fixed in version 0.6.32-3+lenny2. There is some serious dependency problem forbidding the upgrade: www:~# LANG= apt-cache show nginx Architecture: i386 Version: 0.6.32-3+lenny2 Depends: libc6 (>= 2.3.4), libpcre3 (>= 7.7), libssl0.9.8 (>= 0.9.8f-5), zlib1g (>= 1:1.1.4) www:~# LANG= apt-cache policy libpcre3 libpcre3: Installed: 7.6-2.1 Candidate: 7.6-2.1 Version table: *** 7.6-2.1 0 Did I miss something? - -- Jean Christophe "プログフ" ANDRÉ — ✧ — Responsable technique régional Bureau Asie-Pacifique (BAP) — ✧ — http://www.asie-pacifique.auf.org/ Agence universitaire de la Francophonie (AuF) — ✧ — http://www.auf.org/ Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam Tél. : +84 4 9331108 ✦ Fax : +84 4 8247383 ✦ Cellul. : +84 91 3248747 ⎧ Note personnelle: merci d'éviter de m'envoyer des fichiers PowerPoint ⎫ ⎩ ou Word, cf http://www.gnu.org/philosophy/no-word-attachments.fr.html ⎭ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkqudjwACgkQc1sEQyt633en2QCcCSdOolvVIOUKAEBPpHHW1xJ7 hEUAoJEXxBZOeCIs9uRgGm7A6QMNg/JI =JP3R -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...
	Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution by Nico Golde-9 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, * Jean Christophe André <jean-christophe.andre@...> [2009-09-14 20:35]: > Nico Golde a Ã©crit : > > For the stable distribution (lenny), this problem has been fixed in > version 0.6.32-3+lenny2. > There is some serious dependency problem forbidding the upgrade: > > www:~# LANG= apt-cache show nginx > Architecture: i386 > Version: 0.6.32-3+lenny2 > Depends: libc6 (>= 2.3.4), libpcre3 (>= 7.7), libssl0.9.8 (>= 0.9.8f-5), > zlib1g > (>= 1:1.1.4) > > www:~# LANG= apt-cache policy libpcre3 > libpcre3: > Installed: 7.6-2.1 > Candidate: 7.6-2.1 > Version table: > * 7.6-2.1 0 > > Did I miss something? There was a problem with the build chroot I didn't notice when installing the test packages. I pinged a member of the release team to schedule a binNMU. Thanks for the heads-up! Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@... - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted. attachment0** (204 bytes) Download Attachment
	Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution by Nico Golde-9 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, * Nico Golde <debian-security+ml@...> [2009-09-14 22:53]: > * Jean Christophe André <jean-christophe.andre@...> [2009-09-14 20:35]: > > Nico Golde a Ã©crit : > > > For the stable distribution (lenny), this problem has been fixed in > > version 0.6.32-3+lenny2. > > There is some serious dependency problem forbidding the upgrade: > > > > www:~# LANG= apt-cache show nginx > > Architecture: i386 > > Version: 0.6.32-3+lenny2 > > Depends: libc6 (>= 2.3.4), libpcre3 (>= 7.7), libssl0.9.8 (>= 0.9.8f-5), > > zlib1g > > (>= 1:1.1.4) > > > > www:~# LANG= apt-cache policy libpcre3 > > libpcre3: > > Installed: 7.6-2.1 > > Candidate: 7.6-2.1 > > Version table: > > * 7.6-2.1 0 > > > > Did I miss something? > > There was a problem with the build chroot I didn't notice > when installing the test packages. I pinged a member of the > release team to schedule a binNMU. Thanks for the heads-up! Fixed, use 0.6.32-3+lenny2+b1. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@... - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted. attachment0** (204 bytes) Download Attachment
	Re: [SECURITY] [DSA 1884-1] New nginx packages fix arbitrary code execution by Jean Christophe André-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Hi, Nico Golde a écrit : > * Nico Golde <debian-security+ml@...> [2009-09-14 22:53]: > >> * Jean Christophe André <jean-christophe.andre@...> [2009-09-14 20:35]: >> >>> There is some serious dependency problem forbidding the upgrade: >>> [...] >>> >> There was a problem with the build chroot I didn't notice >> when installing the test packages. I pinged a member of the >> release team to schedule a binNMU. Thanks for the heads-up! >> > Fixed, use 0.6.32-3+lenny2+b1. > Confirmed working. Thanks! Cheers, J.C. -- Jean Christophe "プログフ" ANDRÉ — ✧ — Responsable technique régional Bureau Asie-Pacifique (BAP) — ✧ — http://www.asie-pacifique.auf.org/ Agence universitaire de la Francophonie (AuF) — ✧ — http://www.auf.org/ Adresse postale : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam Tél. : +84 4 9331108 ✦ Fax : +84 4 8247383 ✦ Cellul. : +84 91 3248747 ⎧ Note personnelle: merci d'éviter de m'envoyer des fichiers PowerPoint ⎫ ⎩ ou Word, cf http://www.gnu.org/philosophy/no-word-attachments.fr.html ⎭ -- To UNSUBSCRIBE, email to debian-security-REQUEST@... with a subject of "unsubscribe". Trouble? Contact listmaster@...