Please backport nginx 0.6.35 to Hardy, Intrepid from Jaunty Security

Bug #430913 reported by Andres Rodriguez
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Hardy Backports
Fix Released
Undecided
Unassigned
Intrepid Ibex Backports
Fix Released
Undecided
Unassigned
Jaunty Jackalope Backports
Invalid
Undecided
Andres Rodriguez

Bug Description

Please backport nginx 0.6.39 to Hardy, Intrepid and Jaunty. This new upstream release contains a SECURITY vulnerability detailed in CVE-2009-2629. For more information about this please see [1].

[1]: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/430064

Changed in hardy-backports:
status: New → In Progress
assignee: nobody → Andres E. Rodriguez Lazo (andreserl)
Changed in intrepid-backports:
assignee: nobody → Andres E. Rodriguez Lazo (andreserl)
status: New → In Progress
Changed in jaunty-backports:
assignee: nobody → Andres E. Rodriguez Lazo (andreserl)
status: New → In Progress
Revision history for this message
Andres Rodriguez (andreserl) wrote :

Packages built can be found here: https://launchpad.net/~andreserl/+archive/ppa

Revision history for this message
Andres Rodriguez (andreserl) wrote :

Attaching Debdiffs between nginx_0.6.35-0ubuntu1 and nginx_0.6.39-0ubuntu1~jaunty1

Revision history for this message
Andres Rodriguez (andreserl) wrote :

Attaching debdiff between nginx_0.6.35-0ubuntu1 and nginx_0.6.39-0ubuntu1~intrepid1

Revision history for this message
Andres Rodriguez (andreserl) wrote :

Attaching debdiff between nginx_0.6.35-0ubuntu1 and nginx_0.6.39-0ubuntu1~hardy1

Revision history for this message
Andres Rodriguez (andreserl) wrote :

Just to clarify, I took jaunty package (nginx_0.6.35-0ubuntu1), and updated it to nginx_0.6.39-0ubuntu1 and created changelog entries (and changes where applicable) for each jaunty, intrepid, and hardy.

I uploaded the packages to my PPA, then installed them on VMs and test to install and run. They installed and run as supposed.

Changed in jaunty-backports:
status: In Progress → Invalid
summary: - Please backport nginx 0.6.39 to Hardy, Intrepid, Jaunty
+ Please backport nginx 0.6.35 to Hardy to Intrepid from Jaunty Security
Revision history for this message
Andres Rodriguez (andreserl) wrote :

Attaching Hardy debdiff

summary: - Please backport nginx 0.6.35 to Hardy to Intrepid from Jaunty Security
+ Please backport nginx 0.6.35 to Hardy, Intrepid from Jaunty Security
Revision history for this message
Andres Rodriguez (andreserl) wrote :

Attaching Intrepid debdiff

Revision history for this message
Andres Rodriguez (andreserl) wrote :

Build logs can be found in my PPA: https://launchpad.net/~andreserl/+archive/ppa?field.series_filter=

It build/installs/runs. I've tested if packages install and runs in their respective VMs.

Changed in hardy-backports:
status: In Progress → Confirmed
Changed in intrepid-backports:
status: In Progress → Confirmed
Changed in hardy-backports:
assignee: Andres E. Rodriguez Lazo (andreserl) → nobody
Changed in intrepid-backports:
assignee: Andres E. Rodriguez Lazo (andreserl) → nobody
Revision history for this message
Jonathan Riddell (jr) wrote :

Why is this confirmed when nobody from the backports team has looked at it?

Revision history for this message
John Dong (jdong) wrote :

Hi Jonathan,

It is my oversight; The Confirmed state indicates that the backport has been verified by someone in the community to be appropriate. In Progress or Fix Committed should be set by a backports team member to indicate official blessing or sponsored upload for source-change backports, respectively.

In this case, I've reviewed the debdiffs and sponsored them, and should've set to Fix Committed for both the Hardy and Intrepid tasks.

I apologize for the confusion.

Revision history for this message
Scott Kitterman (kitterman) wrote :

Accepted Intrepid.

Changed in intrepid-backports:
status: Confirmed → Fix Released
Revision history for this message
Scott Kitterman (kitterman) wrote :

Hardy accepted.

Changed in hardy-backports:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.