On Tue, Sep 15, 2020 at 12:23:11PM +0000, Suryadevara, Revanth wrote: > Hi Klaus, > > Just needed to re-confirm couple of things here > > 1. I understand that the NGINX version shipped by default is secured and will be updated with patches should there be some security issues. But my question is, Can we expect the latest version of NGINX(i.e. v1.18.x) to be available in Debian 10, soon ? If yes, when ? Debian doesn't change package versions in its stable release (except exceptions, see Greg's post in this thread). That's the meaning of "stable". Debian 10, aka Buster is the current stable version [1]. So the answer is "most probably not". > 2. Please provide some kind of confirmation on CVE-2020-11879 > If Vulnerability was already addressed, please point me to some article which confirms the same. > If not addressed, please confirm on when can we expect 3.35.91 or greater version to be available in Debian 10? Well, you can do that yourself. Enter "CVE-2020-11879 site:debian.org" into your favourite Internet search engine (which hopefully isn't Google, but I disgress), you'll be lead to [2]. Follow the links from there, and you'll get lots of information :-) Cheers [1] https://www.debian.org/releases/index.html [2] https://security-tracker.debian.org/tracker/CVE-2020-11879 - t
Attachment:
signature.asc
Description: Digital signature