-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 07 Nov 2018 07:40:42 +0200
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-light nginx-extras libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libnginx-mod-http-perl libnginx-mod-http-auth-pam libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-nchan libnginx-mod-http-echo libnginx-mod-http-upstream-fair libnginx-mod-http-headers-more-filter libnginx-mod-http-cache-purge libnginx-mod-http-fancyindex libnginx-mod-http-uploadprogress libnginx-mod-http-subs-filter libnginx-mod-http-dav-ext
Architecture: source
Version: 1.10.3-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers@lists.alioth.debian.org>
Changed-By: Christos Trochalakis <ctrochalakis@debian.org>
Description:
 libnginx-mod-http-auth-pam - PAM authentication module for Nginx
 libnginx-mod-http-cache-purge - Purge content from Nginx caches
 libnginx-mod-http-dav-ext - WebDAV missing commands support for Nginx
 libnginx-mod-http-echo - Bring echo and more shell style goodies to Nginx
 libnginx-mod-http-fancyindex - Fancy indexes module for the Nginx
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-headers-more-filter - Set and clear input and output headers for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-lua - Lua module for Nginx
 libnginx-mod-http-ndk - Nginx Development Kit module
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-subs-filter - Substitution filter module for Nginx
 libnginx-mod-http-uploadprogress - Upload progress system for Nginx
 libnginx-mod-http-upstream-fair - Nginx Upstream Fair Proxy Load Balancer
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-nchan - Fast, flexible pub/sub server for Nginx
 libnginx-mod-stream - Stream module for Nginx
 nginx - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-doc - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-full - nginx web/proxy server (standard version)
 nginx-light - nginx web/proxy server (basic version)
Closes: 913090
Changes:
 nginx (1.10.3-1+deb9u2) stretch-security; urgency=high
 .
   * Backport http2_max_requests directive needed for CVE-2018-16844 mitigation
   * Backport upstream fixes for 3 CVEs (Closes: #913090)
     + CVE-2018-16843 Excessive memory usage in HTTP/2
     + CVE-2018-16844 Excessive CPU usage in HTTP/2
       This change limits the maximum allowed number of idle state
       switches to 10 * http2_max_requests (i.e., 10000 by default). This
       limits possible CPU usage in one connection, and also imposes a
       limit on the maximum lifetime of a connection
     + CVE-2018-16845 Memory disclosure in the ngx_http_mp4_module
Checksums-Sha1:
 d4eb4a8ee02083cf3d089b4fd1fe8190241ac2e9 4232 nginx_1.10.3-1+deb9u2.dsc
 6d1f0e634a679993357e7e689f617a3b66909521 847720 nginx_1.10.3-1+deb9u2.debian.tar.xz
 2d4c4312bca4e1e4547a292fcd1041756540ffb4 22683 nginx_1.10.3-1+deb9u2_amd64.buildinfo
Checksums-Sha256:
 9557cbc82c09ad8f7f5a3768d44fcf17597b26c815d0e01280f45b96435fb485 4232 nginx_1.10.3-1+deb9u2.dsc
 df36d4a157e668a1836f40ac0e97239845b9dd43217cb912aeb1e1c3791fbbfa 847720 nginx_1.10.3-1+deb9u2.debian.tar.xz
 68bf3c53c68d5ca5c1567ea7c390567e4140289295ce877dcaecad74e58c5ec8 22683 nginx_1.10.3-1+deb9u2_amd64.buildinfo
Files:
 67917768f9376acbcad20a9dccd80642 4232 httpd optional nginx_1.10.3-1+deb9u2.dsc
 42abc6defd19be5e8d7f64a3dbf0908f 847720 httpd optional nginx_1.10.3-1+deb9u2.debian.tar.xz
 3604cdd4d8c8d400342b491bf7ce87d2 22683 httpd optional nginx_1.10.3-1+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----