[BSA-066] Security Update for nginx

To: debian-backports-announce@lists.debian.org
Subject: [BSA-066] Security Update for nginx
From: Cyril Lavier <cyril.lavier@davromaniak.eu>
Date: Wed, 21 Mar 2012 18:39:24 +0100
Message-id: <[🔎] 4F6A124C.9060503@davromaniak.eu>

I uploaded new packages for nginx which fixed the following security
problems:

DSA-2434-1 nginx -- sensitive information leak

Matthew Daley discovered a memory disclosure vulnerability in nginx. In
previous versions of this web server, an attacker can receive the
content of previously freed memory if an upstream server returned a
specially crafted HTTP response, potentially exposing sensitive
information.

For the squeeze-backports distribution the problems have been fixed in
version

    1.1.17-2~bpo60+1

For wheezy (testing) and sid (unstable) this was fixed in version

    1.1.17-2

For squeeze (stable), this was fixed in version

    0.7.67-3+squeeze2

Thanks.

-- 
Cyril "Davromaniak" Lavier
KeyID 59E9A881
http://www.davromaniak.eu

Attachment: 0x59E9A881.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Prev by Date: [BSA-065] Security Update for puppet
Next by Date: [BSA-068] Security Update for freetype
Previous by thread: [BSA-065] Security Update for puppet
Next by thread: [BSA-068] Security Update for freetype
Index(es):
- Date
- Thread