mirror of https://git.FreeBSD.org/ports.git synced 2025-01-02 06:03:50 +00:00

Update the recent nginx entry to cover the exact version range and include information for CVE-2013-2070.
Xin LI 2013-05-16 22:46:38 +00:00
parent 815ae8de86
commit 0a7fd89016
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=318342


@ -170,34 +170,45 @@ Note: Please add new entries to the beginning of this file.
</vuln>
<vuln vid="efaa4071-b700-11e2-b1b9-f0def16c5c1b">
<topic>nginx -- Stack-based buffer overflow</topic>
<topic>nginx -- multiple vulnerabilities</topic>
<affects>
<package>
<name>nginx</name>
<range><ge>1.2.0,1</ge><lt>1.4.1,1</lt></range>
<range><ge>1.2.0,1</ge><le>1.2.8,1</le></range>
<range><ge>1.3.0,1</ge><lt>1.4.1,1</lt></range>
</package>
<package>
<name>nginx-devel</name>
<range><ge>1.1.4</ge><lt>1.5.0</lt></range>
<range><ge>1.1.4</ge><le>1.2.8</le></range>
<range><ge>1.3.0</ge><lt>1.5.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx project reports:</p>
<blockquote cite="http://nginx.org/en/security_advisories.html">
<p>A stack-based buffer overflow might occur in a worker process
process while handling a specially crafted request, potentially
resulting in arbitrary code execution.</p>
<p>A stack-based buffer overflow might occur in a worker process
process while handling a specially crafted request, potentially
resulting in arbitrary code execution. [CVE-2013-2028]</p>
<p>A security problem related to CVE-2013-2028 was identified,
affecting some previous nginx versions if proxy_pass to
untrusted upstream HTTP servers is used.</p>
<p>The problem may lead to a denial of service or a disclosure of a
worker process memory on a specially crafted response from an
upstream proxied server. [CVE-2013-2070]</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-2028</cvename>
<cvename>CVE-2013-2070</cvename>
<url>http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html</url>
<url>http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html</url>
</references>
<dates>
<discovery>2013-05-07</discovery>
<entry>2013-05-07</entry>
<modified>2013-05-07</modified>
<modified>2013-05-16</modified>
</dates>
</vuln>
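Review bot: the `<le>1.2.8,1</le>` and `<le>1.2.8</le>` upper bounds in the nginx and nginx-devel ranges stop matching as soon as the port gets a PORTREVISION bump on that same upstream release, because a revised package version sorts above the bare one; unless such a bump carries the fix, the package would silently drop out of the entry. Prefer an `<lt>` on the first fixed version of that branch, as the other ranges in this entry already do. Two smaller points: the quoted advisory text reads "worker process process" across the line break in the CVE-2013-2028 paragraph, so drop the duplicated word, and now that the entry covers two CVEs it would help to say which range applies to CVE-2013-2028 and which to CVE-2013-2070.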