diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 56f91d35fb31..5be0bfeac605 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -170,34 +170,45 @@ Note: Please add new entries to the beginning of this file. - nginx -- Stack-based buffer overflow + nginx -- multiple vulnerabilities nginx - 1.2.0,11.4.1,1 + 1.2.0,11.2.8,1 + 1.3.0,11.4.1,1 nginx-devel - 1.1.41.5.0 + 1.1.41.2.8 + 1.3.01.5.0

The nginx project reports:

-

A stack-based buffer overflow might occur in a worker process - process while handling a specially crafted request, potentially - resulting in arbitrary code execution.

+

A stack-based buffer overflow might occur in a worker process + process while handling a specially crafted request, potentially + resulting in arbitrary code execution. [CVE-2013-2028]

+

A security problem related to CVE-2013-2028 was identified, + affecting some previous nginx versions if proxy_pass to + untrusted upstream HTTP servers is used.

+

The problem may lead to a denial of service or a disclosure of a + worker process memory on a specially crafted response from an + upstream proxied server. [CVE-2013-2070]

CVE-2013-2028 + CVE-2013-2070 + http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html + http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html 2013-05-07 2013-05-07 - 2013-05-07 + 2013-05-16
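
Review bot: the version ranges in this hunk are now shared by both CVEs, so a reader of the entry cannot tell which range belongs to CVE-2013-2028 and which to CVE-2013-2070; the added text only says the second issue affects "some previous nginx versions". Consider keeping CVE-2013-2070 as its own entry with its own ranges, or stating in the description which ranges each CVE covers. Separately, the re-added first paragraph keeps a duplicated word across the line break ("in a worker process" followed by "process while handling"); drop one "process" while the paragraph is being touched.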