Bug#943468: marked as done (php-fpm: CVE-2019-11043: Vulnerability in PHP-FPM Could Lead to Remote Code Execution on nginx)

Debian Bug Tracking System Sun, 01 Dec 2019 09:00:41 -0800

Your message dated Sun, 1 Dec 2019 17:57:43 +0100
with message-id <20191201165739.ga13...@debian.org>
and subject line Re: Bug#943468: php-fpm: CVE-2019-11043: Vulnerability in 
PHP-FPM Could Lead to Remote Code Execution on nginx
has caused the Debian Bug report #943468,
regarding php-fpm: CVE-2019-11043: Vulnerability in PHP-FPM Could Lead to 
Remote Code Execution on nginx
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
943468: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943468
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: php7.3-fpm
Severity: normal
Tags: security fixed-upstream

I've got this info via nextcloud notification:
https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/

Some more details are here:
https://de.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx

I'm not sure about the severity, please adjust if necessary.

--
tobi


-- System Information:
Debian Release: bullseye/sid
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), 
LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages php7.3-fpm depends on:
ii  libapparmor1    2.13.3-4
ii  libargon2-1     0~20171227-0.2
ii  libc6           2.28-10
ii  libmagic1       1:5.37-5
ii  libpcre2-8-0    10.32-5
ii  libsodium23     1.0.17-1
ii  libssl1.1       1.1.1d-0+deb10u2
ii  libsystemd0     241-7
ii  libxml2         2.9.4+dfsg1-7+b3
ii  mime-support    3.62
pn  php7.3-cli      <none>
pn  php7.3-common   <none>
pn  php7.3-json     <none>
pn  php7.3-opcache  <none>
ii  tzdata          2019b-1
ii  ucf             3.0038+nmu1
ii  zlib1g          1:1.2.11.dfsg-1

php7.3-fpm recommends no packages.

Versions of packages php7.3-fpm suggests:
pn  php-pear  <none>

--- End Message ---

--- Begin Message ---

Version: 7.3.12-1

On Sun, Dec 01, 2019 at 12:06:40PM +0100, Ivo De Decker wrote:
> Please fix this by uploading a new version to unstable.

This happened now. Thanks!

The upload didn't close this bug. Doing so now.

Ivo

--- End Message ---

Bug#943468: marked as done (php-fpm: CVE-2019-11043: Vulnerability in PHP-FPM Could Lead to Remote Code Execution on nginx)

Reply via email to