Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

To: "Suryadevara, Revanth" <Revanth.Suryadevara@arcserve.com>
Cc: "debian-user@lists.debian.org" <debian-user@lists.debian.org>
Subject: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
From: Klaus Singvogel <deb-user-ml@singvogel.net>
Date: Tue, 15 Sep 2020 15:38:33 +0200
Message-id: <[🔎] 20200915133833.GA3463@singvogel.net>
In-reply-to: <[🔎] CH2PR10MB4296061D4E3FFF04E7D7E16B87200@CH2PR10MB4296.namprd10.prod.outlook.com>
References: <[🔎] CH2PR10MB42965D9F4805370301F2F78787200@CH2PR10MB4296.namprd10.prod.outlook.com> <[🔎] 20200915080145.GA27634@singvogel.net> <[🔎] CH2PR10MB42967FFEDE13ABB03FD3BE8F87200@CH2PR10MB4296.namprd10.prod.outlook.com> <[🔎] 20200915093940.GA29994@singvogel.net> <[🔎] CH2PR10MB4296061D4E3FFF04E7D7E16B87200@CH2PR10MB4296.namprd10.prod.outlook.com>

Hi Revanth,

Suryadevara, Revanth wrote:
> Hi  Klaus,
> 
> Just needed to re-confirm couple of things here
> 
> 1. I understand that the NGINX version shipped by default is secured and will be updated with patches should there be some security issues. But my question is, Can we expect the latest version of NGINX(i.e. v1.18.x) to be available in Debian 10, soon ? If yes, when ?

As others said, and I explained already: no.

Debian 10's version of a package will never change. No new features, no
loss of features, no new syntax of configurations, no other changes.

> 2.  Please provide some kind of confirmation on CVE-2020-11879
> 	If Vulnerability was already addressed, please point me to some article which confirms the same.
> 	If not addressed, please confirm on when can we expect 3.35.91 or greater version to be available in Debian 	10?

No: no new version.

If you're unhappy with that, think about these choices:

- install upcoming Debian 11 (Testing, Bullseye) and live with the changes
  of packages and possible errors in the system. Release date unknown.

- install Debian Sid (Unstable) and live with many more changes

- if both are not fullfilling your needs, think about a different
  distribution: LFS (Linux from Scratch), or Yocto, or commerical one.

  But beware of the security updates. AFAIK both, LFS and Yocto, needs
  your effort to keep your machine(s) secure.

Best regards,
	Klaus.
-- 
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D  1994-06-27

Reply to:

Follow-Ups:
- Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
  - From: Greg Wooledge <wooledg@eeg.ccf.org>
- Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
  - From: Eduardo M KALINOWSKI <eduardo@kalinowski.com.br>

References:
- Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
  - From: "Suryadevara, Revanth" <Revanth.Suryadevara@arcserve.com>
- Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
  - From: Klaus Singvogel <deb-user-ml@singvogel.net>
- RE: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
  - From: "Suryadevara, Revanth" <Revanth.Suryadevara@arcserve.com>
- Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
  - From: Klaus Singvogel <deb-user-ml@singvogel.net>
- RE: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
  - From: "Suryadevara, Revanth" <Revanth.Suryadevara@arcserve.com>

Prev by Date: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
Next by Date: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
Previous by thread: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
Next by thread: Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution
Index(es):
- Date
- Thread