Activity log for bug #1182586

Date Who What changed Old value New value Message
2013-05-21 17:29:42 Thomas Ward bug added bug
2013-05-21 17:30:18 Thomas Ward cve linked 2013-2070
2013-05-21 17:30:57 Thomas Ward nominated for series Ubuntu Precise
2013-05-21 17:30:57 Thomas Ward nominated for series Ubuntu Quantal
2013-05-21 17:30:57 Thomas Ward nominated for series Ubuntu Raring
2013-05-21 17:34:08 Thomas Ward description This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present. Per upstream, nginx versions 1.1.4 and higher are affected. Saucy has already received this fix as part of the 1.4.1-1 merge, as per bug 1177919. This is tracked on the Ubuntu Security Team CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html The upstream patch for this is located at http://nginx.org/download/patch.2013.proxy.txt This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu. (Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.) This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present. Per upstream, nginx versions 1.1.4 and higher are affected. As such, Precise, Quantal, and Raring are affected. Saucy has already received this fix as part of the 1.4.1-1 merge (bug 1177919). This is tracked on the Ubuntu Security Team CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html The upstream patch for this is located at http://nginx.org/download/patch.2013.proxy.txt This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu. (Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.)
2013-05-21 20:16:56 Thomas Ward nginx (Ubuntu): assignee Thomas Ward (teward)
2013-05-23 17:58:32 Marc Deslauriers bug task added nginx (Ubuntu Precise)
2013-05-23 17:58:38 Marc Deslauriers bug task added nginx (Ubuntu Raring)
2013-05-23 17:58:43 Marc Deslauriers bug task added nginx (Ubuntu Quantal)
2013-05-23 17:59:31 Thomas Ward nginx (Ubuntu Precise): importance Undecided Medium
2013-05-23 17:59:33 Thomas Ward nginx (Ubuntu Quantal): importance Undecided Medium
2013-05-23 17:59:35 Thomas Ward nginx (Ubuntu Raring): importance Undecided Medium
2013-05-23 17:59:44 Thomas Ward nginx (Ubuntu Precise): assignee Thomas Ward (teward)
2013-05-23 17:59:46 Thomas Ward nginx (Ubuntu Quantal): assignee Thomas Ward (teward)
2013-05-23 17:59:47 Thomas Ward nginx (Ubuntu Raring): assignee Thomas Ward (teward)
2013-05-23 17:59:50 Thomas Ward nginx (Ubuntu): assignee Thomas Ward (teward)
2013-05-23 18:01:04 Thomas Ward nginx (Ubuntu Precise): status New Confirmed
2013-05-23 18:01:06 Thomas Ward nginx (Ubuntu Quantal): status New Confirmed
2013-05-23 18:01:08 Thomas Ward nginx (Ubuntu Raring): status New Confirmed
2013-05-23 18:01:13 Thomas Ward nginx (Ubuntu): status New Fix Released
2013-05-24 15:55:10 Thomas Ward nginx (Ubuntu Precise): status Confirmed In Progress
2013-05-24 15:55:12 Thomas Ward nginx (Ubuntu Quantal): status Confirmed In Progress
2013-05-24 15:55:14 Thomas Ward nginx (Ubuntu Raring): status Confirmed In Progress
2013-05-24 16:55:47 Thomas Ward attachment added Precise debdiff for this bug https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685928/+files/lp1182586-precise.debdiff
2013-05-24 16:57:08 Thomas Ward attachment added Quantal debdiff for this bug https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685929/+files/lp1182586-quantal.debdiff
2013-05-24 16:57:57 Thomas Ward attachment added Raring debdiff for this bug https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685930/+files/lp1182586-raring.debdiff
2013-05-24 19:13:21 Thomas Ward nginx (Ubuntu Precise): status In Progress Confirmed
2013-05-24 19:13:23 Thomas Ward nginx (Ubuntu Quantal): status In Progress Confirmed
2013-05-24 19:13:25 Thomas Ward nginx (Ubuntu Raring): status In Progress Confirmed
2013-05-24 19:13:27 Thomas Ward nginx (Ubuntu Precise): assignee Thomas Ward (teward)
2013-05-24 19:13:29 Thomas Ward nginx (Ubuntu Quantal): assignee Thomas Ward (teward)
2013-05-24 19:13:31 Thomas Ward nginx (Ubuntu Raring): assignee Thomas Ward (teward)
2013-05-24 21:03:15 Thomas Ward bug added subscriber Ubuntu Security Sponsors Team
2013-05-28 20:53:33 Jamie Strandboge removed subscriber Ubuntu Security Sponsors Team
2013-05-28 20:53:59 Jamie Strandboge nginx (Ubuntu Precise): status Confirmed Fix Committed
2013-05-28 20:54:01 Jamie Strandboge nginx (Ubuntu Quantal): status Confirmed Fix Committed
2013-05-28 20:54:03 Jamie Strandboge nginx (Ubuntu Raring): status Confirmed Fix Committed
2013-05-29 00:27:19 Launchpad Janitor nginx (Ubuntu Precise): status Fix Committed Fix Released
2013-05-29 00:27:24 Launchpad Janitor nginx (Ubuntu Quantal): status Fix Committed Fix Released
2013-05-29 00:27:28 Launchpad Janitor nginx (Ubuntu Raring): status Fix Committed Fix Released
2013-05-29 00:44:14 Launchpad Janitor branch linked lp:ubuntu/precise-security/nginx
2013-05-29 00:44:23 Launchpad Janitor branch linked lp:~ubuntu-branches/ubuntu/quantal/nginx/quantal-security
2013-05-29 00:44:33 Launchpad Janitor branch linked lp:~ubuntu-branches/ubuntu/raring/nginx/raring-security