nginx - Debian Package Tracker

general

source: nginx (main)
version: 1.24.0-1
maintainer: Debian Nginx Maintainers (archive) (DMD)
uploaders: Jan Mojžíš [DMD] [DM]
arch: all any
std-ver: 4.6.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.14.2-2+deb10u4
o-o-sec: 1.14.2-2+deb10u5
oldstable: 1.18.0-6.1+deb11u3
old-sec: 1.18.0-6.1+deb11u3
stable: 1.22.1-9
testing: 1.24.0-1
unstable: 1.24.0-1

versioned links

1.14.2-2+deb10u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.14.2-2+deb10u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.18.0-6.1+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.22.1-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.24.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnginx-mod-http-geoip (1 bugs: 0, 1, 0, 0)
libnginx-mod-http-image-filter
libnginx-mod-http-perl
libnginx-mod-http-xslt-filter
libnginx-mod-mail
libnginx-mod-stream
libnginx-mod-stream-geoip (1 bugs: 0, 1, 0, 0)
nginx (15 bugs: 0, 9, 6, 0)
nginx-common (8 bugs: 0, 7, 1, 0)
nginx-core
nginx-dev (3 bugs: 0, 1, 2, 0)
nginx-doc
nginx-extras (6 bugs: 0, 3, 3, 0)
nginx-full
nginx-light (1 bugs: 0, 1, 0, 0)

action needed

Marked for autoremoval on 04 October due to libnginx-mod-http-lua: #1050186 high

Version 1.24.0-1 of nginx is marked for autoremoval from testing on Wed 04 Oct 2023. It depends (transitively) on libnginx-mod-http-lua, affected by #1050186. You should try to prevent the removal by fixing these RC bugs.

Created: 2023-08-28 Last update: 2023-09-24 11:45

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2013-0337: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

Created: 2023-06-11 Last update: 2023-07-12 13:07

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2013-0337: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

Created: 2022-07-04 Last update: 2023-07-12 13:07

7 bugs tagged patch in the BTS normal

The BTS contains patches fixing 7 bugs (14 if counting merged bugs), consider including or untagging them.

Created: 2023-09-13 Last update: 2023-09-24 11:35

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2023-07-13 Last update: 2023-09-24 10:09

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.24.0-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit dbecf37340289e32b3e0141e7c08e9c178cf24e0
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Wed Aug 30 15:52:01 2023 +0200

    d/po/sv.po added Swedish debconf translation

commit f72db03173285ea75bea1af58a21449c932787e2
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Wed Aug 30 15:50:18 2023 +0200

    d/po/sv.po added Swedish debconf translation

commit 1af98908902c2718fe6324ec584cf24b69874645
Merge: 8c4549c8 1669ce81
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Mon Jul 17 05:11:55 2023 +0000

    Merge branch 'mimetypes' into 'main'
    
    d/conf/mime.types add video/ogg, video/x-matroska
    
    See merge request nginx-team/nginx!71

commit 1669ce81fafde1e06508bbcc46c67f90a867c385
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Mon Jul 17 06:25:37 2023 +0200

    d/conf/mime.types add video/ogg, video/x-matroska

commit d99a0ddc0bd902aa0756942b9ac8fcc5cad59282
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Mon Jul 17 06:25:07 2023 +0200

    d/conf/mime.types copy mime.types from upstream nginx,
    no big changes, just reformat the text

commit 8c4549c82a6b366ac9373ccb6bcef1af7179b167
Merge: ed637070 7b0bfbb9
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Mon Jul 17 03:51:47 2023 +0000

    Merge branch 'rmdhstripoverride' into 'main'
    
    d/rules remove override_dh_strip
    
    See merge request nginx-team/nginx!69

commit 7b0bfbb9f32a1a1d173edd43c29e26a104054d4e
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Mon Jul 17 05:24:19 2023 +0200

    d/rules removed override_dh_strip

commit ed6370703dcd701ce839a3fc856db048444b7370
Merge: 82149d89 9d8220a1
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Sat Jul 15 20:19:27 2023 +0000

    Merge branch 'rodebconf' into 'main'
    
    d/po/ro.po add Romanian debconf translation
    
    See merge request nginx-team/nginx!68

commit 9d8220a199606811a7fc530df9d98d6f661b395e
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Sat Jul 15 21:24:09 2023 +0200

    d/po/ro.po add Romanian debconf translation

commit 82149d89bff0ecccc11c1865efed3b785559e8c2
Merge: c40dd6a7 b8d91444
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Sat Jul 15 19:08:49 2023 +0000

    Merge branch 'fixdhstrip' into 'main'
    
    * d/rules fixed debug-symbol-migration-possibly-complete lintian warning
    
    See merge request nginx-team/nginx!67

commit b8d9144432ae3f0f07f01f8da6c89b66526be8b0
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Sat Jul 15 20:24:35 2023 +0200

    * d/rules fixed debug-symbol-migration-possibly-complete lintian warning

commit c40dd6a74f81a5ba2c6877f9d078e63b2277f948
Merge: 54146b60 3f8de1c0
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Sat Jul 15 14:55:46 2023 +0000

    Merge branch 'fixdeps' into 'main'
    
    d/control add dependency nginx-common to nginx
    
    See merge request nginx-team/nginx!66

commit 3f8de1c0866b174a505deade1fb172bd6300f92e
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Thu Jul 13 20:35:28 2023 +0200

    d/control fixed binNMU safe dependency declaration nginx to nginx-common

commit 2d48a8c8ece57bd74eb1539f6a8b0fbea37dabc8
Author: Jan Mojžíš <jan.mojzis@gmail.com>
Date:   Fri Jun 30 11:54:17 2023 +0200

    d/control add dependency nginx-common to nginx

Created: 2023-07-15 Last update: 2023-09-18 09:09

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-02-10 Last update: 2023-03-14 17:04

debian/patches: 2 patches to forward upstream low

Among the 3 debian patches available in version 1.24.0-1 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-06-28 12:41

No known security issue in bullseye wishlist

There are 2 open security issues in bullseye.

2 ignored issues:

CVE-2013-0337: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
CVE-2020-36309: ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.

Created: 2022-07-04 Last update: 2023-07-12 13:07

No known security issue in bookworm wishlist

There is 1 open security issue in bookworm.

1 ignored issue:

CVE-2013-0337: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

Created: 2023-06-10 Last update: 2023-07-12 13:07

testing migrations

This package will soon be part of the auto-perl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2023-07-13] nginx 1.24.0-1 MIGRATED to testing (Debian testing watch)
[2023-06-27] Accepted nginx 1.24.0-1 (source) into unstable (Jan Mojžíš)
[2023-06-26] Accepted nginx 1.24.0-1~exp1 (source) into experimental (Jan Mojžíš)
[2023-04-04] nginx 1.22.1-9 MIGRATED to testing (Debian testing watch)
[2023-03-14] Accepted nginx 1.22.1-9 (source) into unstable (Jan Mojžíš)
[2023-03-14] Accepted nginx 1.22.1-8 (source) into unstable (Jan Mojžíš)
[2023-02-24] nginx 1.22.1-7 MIGRATED to testing (Debian testing watch)
[2023-02-13] Accepted nginx 1.22.1-7 (source) into unstable (Jan Mojžíš)
[2023-02-13] nginx 1.22.1-6 MIGRATED to testing (Debian testing watch)
[2023-02-08] Accepted nginx 1.22.1-6 (source) into unstable (Jan Mojžíš)
[2023-02-04] Accepted nginx 1.22.1-6~exp1 (source) into experimental (Jan Mojžíš)
[2022-12-23] nginx 1.22.1-5 MIGRATED to testing (Debian testing watch)
[2022-12-20] Accepted nginx 1.22.1-5 (source) into unstable (Jan Mojžíš)
[2022-12-20] nginx 1.22.1-4 MIGRATED to testing (Debian testing watch)
[2022-12-08] Accepted nginx 1.22.1-4 (source) into unstable (Jan Mojžíš)
[2022-12-05] Accepted nginx 1.22.1-3 (source) into unstable (Jan Mojžíš)
[2022-12-03] Accepted nginx 1.22.1-3~exp1 (source) into experimental (Jan Mojžíš)
[2022-12-03] nginx 1.22.1-2 MIGRATED to testing (Debian testing watch)
[2022-11-30] Accepted nginx 1.22.1-2 (source) into unstable (Jan Mojžíš)
[2022-11-28] Accepted nginx 1.22.1-2~exp2 (source) into experimental (Jan Mojžíš)
[2022-11-26] Accepted nginx 1.22.1-2~exp1 (source) into experimental (Jan Mojžíš)
[2022-11-22] Accepted nginx 1.14.2-2+deb10u5 (source) into oldstable (Markus Koschany)
[2022-11-19] Accepted nginx 1.18.0-6.1+deb11u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2022-11-15] Accepted nginx 1.18.0-6.1+deb11u3 (source) into stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2022-11-14] nginx 1.22.1-1 MIGRATED to testing (Debian testing watch)
[2022-11-10] Accepted nginx 1.22.1-1 (source) into unstable (Jan Mojžíš)
[2022-10-28] Accepted nginx 1.22.1-1~exp2 (source) into experimental (Jan Mojžíš)
[2022-10-27] Accepted nginx 1.22.1-1~exp1 (source) into experimental (Jan Mojžíš)
[2022-10-17] nginx 1.22.0-3.1 MIGRATED to testing (Debian testing watch)
[2022-10-15] Accepted nginx 1.22.0-3.1 (source) into unstable (Michael Biebl)

bugs [bug history graph]

all: 43 50
RC: 0
I&N: 25
M&W: 16 23
F&P: 2
patch: 7 14

links

homepage
lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (100, -)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.24.0-1ubuntu1
18 bugs (1 patch)
patches for 1.24.0-1ubuntu1