Bug#697940:

2014-04-18 Thread Christos Trochalakis
On Fri, Apr 18, 2014 at 01:31:33PM -0400, Thomas Ward wrote: An upstream commit addressing this was made, and the upstream nginx trac ticket has been closed. Refer to http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx for the changes. Yes, that's good news.

Bug#697940:

2014-04-18 Thread Thomas Ward
An upstream commit addressing this was made, and the upstream nginx trac ticket has been closed. Refer to http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx for the changes. -- Thomas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org w

Bug#697940: Closing

2013-10-29 Thread Michael Lustfield
I wasn't aware of forwarded or tags. Shows my experience level... Sorry for prematurely closing this and thanks for giving me new stuff to learn. On Tue, Oct 29, 2013 at 8:57 AM, Thijs Kinkhorst wrote: > reopen 697940 > forwarded 697940 http://trac.nginx.org/nginx/ticket/13 > tags 697940 = secu

Bug#697940: Closing

2013-10-29 Thread Thijs Kinkhorst
reopen 697940 forwarded 697940 http://trac.nginx.org/nginx/ticket/13 tags 697940 = security upstream thanks Hi, This issue is not yet fixed in the package so it seems premature to close it. You're probably right that upstream needs to do this and there's no need for Debian to do it locally. But t

Bug#697940: (no subject)

2013-04-15 Thread Michael Lustfield
tags 697940 + wontfix thanks -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#697940: Status

2013-03-11 Thread Michael Lustfield
"nginx maintainers, what's the status?" ... Look at the link to the root bug. There's a reason they haven't taken that patch and committed it yet. This isn't trivial and we're not going to decide how this "non-issue" should be rectified. Us making a small change could cause a big headache down the

Bug#697940: [CVE-2011-4968] nginx does not verify the backend's identity when proxying to an https origin server

2013-03-01 Thread Moritz Mühlenhoff
On Fri, Jan 11, 2013 at 11:37:07AM -0500, Daniel Kahn Gillmor wrote: > Package: nginx > Version: 0.7.67-3+squeeze2 > Severity: normal > Tags: upstream security > Control: found -1 1.2.1-2.2 > > When nginx is configured as a reverse proxy with an https origin > server, it is vulnerable to a MITM at

Bug#697940: [CVE-2011-4968] nginx does not verify the backend's identity when proxying to an https origin server

2013-01-11 Thread Daniel Kahn Gillmor
Package: nginx Version: 0.7.67-3+squeeze2 Severity: normal Tags: upstream security Control: found -1 1.2.1-2.2 When nginx is configured as a reverse proxy with an https origin server, it is vulnerable to a MITM attack, because it does not verify the certificate of the origin server. This is upstr