Mercurial > hg > nginx-site

annotate xml/en/security_advisories.xml @ 2272:3fa4584907b8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-1.15.6, nginx-1.14.1
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 06 Nov 2018 17:51:30 +0300
parents cf8d95bfcf72
children 626533759806
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
580
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
1 <!--
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
2 Copyright (C) Igor Sysoev
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
3 Copyright (C) Nginx, Inc.
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
4 -->
be54c443235a Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents: 525
diff changeset
5
50
9d544687d02c Fixed DOCTYPE declaration.
Ruslan Ermilov <ru@nginx.com>
parents: 0
diff changeset
6 <!DOCTYPE article SYSTEM "../../dtd/article.dtd">
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
7
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
8 <article name="nginx security advisories"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
9 link="/en/security_advisories.html"
589
764fbac1b8b4 Added document revision.
Ruslan Ermilov <ru@nginx.com>
parents: 580
diff changeset
10 lang="en"
764fbac1b8b4 Added document revision.
Ruslan Ermilov <ru@nginx.com>
parents: 580
diff changeset
11 rev="1">
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
12
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
13 <section>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
14
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
15 <para>
457
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
16 All nginx security issues should be reported to
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
17 <link url="mailto:security-alert@nginx.org">security-alert@nginx.org</link>.
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
18 </para>
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
19
ab9453c6b9c6 A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents: 447
diff changeset
20 <para>
458
cdf45fe0d9de Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents: 457
diff changeset
21 Patches are signed using one of the
cdf45fe0d9de Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents: 457
diff changeset
22 <link doc="pgp_keys.xml">PGP public keys</link>.
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
23 </para>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
24
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
25 <security>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
26
2272
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
27 <item name="Excessive memory usage in HTTP/2"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
28 severity="low"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
29 cve="2018-16843"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
30 good="1.15.6+, 1.14.1+"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
31 vulnerable="1.9.5-1.15.5">
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
32 </item>
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
33
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
34 <item name="Excessive CPU usage in HTTP/2"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
35 severity="low"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
36 cve="2018-16844"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
37 good="1.15.6+, 1.14.1+"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
38 vulnerable="1.9.5-1.15.5">
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
39 </item>
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
40
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
41 <item name="Memory disclosure in the ngx_http_mp4_module"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
42 severity="medium"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
43 cve="2018-16845"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
44 good="1.15.6+, 1.14.1+"
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
45 vulnerable="1.1.3-1.15.5, 1.0.7-1.0.15">
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
46 <patch name="patch.2018.mp4.txt" />
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
47 </item>
3fa4584907b8 nginx-1.15.6, nginx-1.14.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 2011
diff changeset
48
2010
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
49 <item name="Integer overflow in the range filter"
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
50 severity="medium"
2011
cf8d95bfcf72 Range filter advisory link added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 2010
diff changeset
51 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
2010
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
52 cve="2017-7529"
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
53 good="1.13.3+, 1.12.1+"
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
54 vulnerable="0.5.6-1.13.2">
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
55 <patch name="patch.2017.ranges.txt" />
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
56 </item>
18ff9016b82f nginx-1.13.3, nginx-1.12.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1716
diff changeset
57
1715
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
58 <item name="NULL pointer dereference while writing client request body"
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
59 severity="medium"
1716
ecea2f0d22b6 Write request body advisory link updated.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1715
diff changeset
60 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"
1715
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
61 cve="2016-4450"
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
62 good="1.11.1+, 1.10.1+"
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
63 vulnerable="1.3.9-1.11.0">
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
64 <patch name="patch.2016.write.txt" versions="1.9.13-1.11.0" />
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
65 <patch name="patch.2016.write2.txt" versions="1.3.9-1.9.12" />
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
66 </item>
ce35c4764409 nginx-1.11.1, nginx-1.10.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1647
diff changeset
67
1645
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
68 <item name="Invalid pointer dereference in resolver"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
69 severity="medium"
1647
e85d7bd9345f Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1645
diff changeset
70 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
1645
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
71 cve="2016-0742"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
72 good="1.9.10+, 1.8.1+"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
73 vulnerable="0.6.18-1.9.9" />
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
74
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
75 <item name="Use-after-free during CNAME response processing in resolver"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
76 severity="medium"
1647
e85d7bd9345f Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1645
diff changeset
77 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
1645
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
78 cve="2016-0746"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
79 good="1.9.10+, 1.8.1+"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
80 vulnerable="0.6.18-1.9.9" />
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
81
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
82 <item name="Insufficient limits of CNAME resolution in resolver"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
83 severity="medium"
1647
e85d7bd9345f Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1645
diff changeset
84 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
1645
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
85 cve="2016-0747"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
86 good="1.9.10+, 1.8.1+"
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
87 vulnerable="0.6.18-1.9.9" />
d4b29af80036 nginx-1.9.10, nginx-1.8.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1292
diff changeset
88
1292
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
89 <item name="SSL session reuse vulnerability"
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
90 severity="medium"
1647
e85d7bd9345f Advisory links.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1645
diff changeset
91 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"
1292
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
92 cve="2014-3616"
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
93 good="1.7.5+, 1.6.2+"
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
94 vulnerable="0.5.6-1.7.4">
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
95 </item>
bb18e3bd3fb9 nginx-1.7.5, nginx-1.6.2
Maxim Dounin <mdounin@mdounin.ru>
parents: 1265
diff changeset
96
1264
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
97 <item name="STARTTLS command injection"
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
98 severity="medium"
1265
ba6da8f0ecd2 Added STARTTLS advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1264
diff changeset
99 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"
1264
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
100 cve="2014-3556"
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
101 good="1.7.4+, 1.6.1+"
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
102 vulnerable="1.5.6-1.7.3">
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
103 <patch name="patch.2014.starttls.txt" />
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
104 </item>
f6d12250cda5 nginx-1.7.4, nginx-1.6.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 1100
diff changeset
105
1098
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
106 <item name="SPDY heap buffer overflow"
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
107 severity="major"
1100
287c2a9c9d63 Added spdy2 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1098
diff changeset
108 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"
1098
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
109 cve="2014-0133"
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
110 good="1.5.12+, 1.4.7+"
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
111 vulnerable="1.3.15-1.5.11">
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
112 <patch name="patch.2014.spdy2.txt" />
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
113 </item>
bc2a379c4cb6 nginx-1.5.12, nginx-1.4.7
Maxim Dounin <mdounin@mdounin.ru>
parents: 1094
diff changeset
114
1092
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
115 <item name="SPDY memory corruption"
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
116 severity="major"
1094
1171d273df8f Added SPDY advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1092
diff changeset
117 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"
1092
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
118 cve="2014-0088"
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
119 good="1.5.11+"
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
120 vulnerable="1.5.10">
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
121 <patch name="patch.2014.spdy.txt" />
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
122 </item>
fbb81cb6b012 nginx-1.4.6, nginx-1.5.11
Maxim Dounin <mdounin@mdounin.ru>
parents: 1014
diff changeset
123
1012
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
124 <item name="Request line parsing vulnerability"
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
125 severity="medium"
1013
48fe3c9534bd Added link to request line parsing advisory.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1012
diff changeset
126 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"
1012
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
127 cve="2013-4547"
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
128 good="1.5.7+, 1.4.4+"
1014
7ec9a1afbadc Typo fixed.
Maxim Dounin <mdounin@mdounin.ru>
parents: 1013
diff changeset
129 vulnerable="0.8.41-1.5.6">
1012
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
130 <patch name="patch.2013.space.txt" />
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
131 </item>
f7fe7da742c6 nginx-1.5.7, nginx-1.4.4
Maxim Dounin <mdounin@mdounin.ru>
parents: 909
diff changeset
132
906
ec5d7bb1d40c Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 904
diff changeset
133 <item name="Memory disclosure with specially crafted HTTP backend responses"
904
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
134 severity="medium"
906
ec5d7bb1d40c Added CVE-2013-2070 advisory link.
Maxim Dounin <mdounin@mdounin.ru>
parents: 904
diff changeset
135 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"
904
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
136 cve="2013-2070"
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
137 good="1.5.0+, 1.4.1+, 1.2.9+"
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
138 vulnerable="1.1.4-1.2.8, 1.3.9-1.4.0">
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
139 <patch name="patch.2013.chunked.txt" versions="1.3.9-1.4.0" />
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
140 <patch name="patch.2013.proxy.txt" versions="1.1.4-1.2.8" />
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
141 </item>
22bd9315e047 nginx-1.2.9
Maxim Dounin <mdounin@mdounin.ru>
parents: 901
diff changeset
142
899
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
143 <item name="Stack-based buffer overflow with specially crafted request"
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
144 severity="major"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
145 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
899
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
146 cve="2013-2028"
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
147 good="1.5.0+, 1.4.1+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
148 vulnerable="1.3.9-1.4.0">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
149 <patch name="patch.2013.chunked.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
150 </item>
899
012feca3d85f nginx-1.5.0, nginx-1.4.1
Maxim Dounin <mdounin@mdounin.ru>
parents: 589
diff changeset
151
525
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
152 <item name="Vulnerabilities with Windows directory aliases"
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
153 severity="medium"
909
ef5485fb932d 2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents: 906
diff changeset
154 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000086.html"
525
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
155 cve="2011-4963"
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
156 good="1.3.1+, 1.2.1+"
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
157 vulnerable="nginx/Windows 0.7.52-1.3.0" />
1dca638da1eb Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents: 488
diff changeset
158
487
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
159 <item name="Buffer overflow in the ngx_http_mp4_module"
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
160 severity="major"
909
ef5485fb932d 2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents: 906
diff changeset
161 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html"
487
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
162 cve="2012-2089"
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
163 good="1.1.19+, 1.0.15+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
164 vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
165 <patch name="patch.2012.mp4.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
166 </item>
487
2406529bc838 nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents: 472
diff changeset
167
445
86d441d817dd nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents: 247
diff changeset
168 <item name="Memory disclosure with specially crafted backend responses"
86d441d817dd nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents: 247
diff changeset
169 severity="major"
909
ef5485fb932d 2012 security advisories added.
Maxim Konovalov <maxim@nginx.com>
parents: 906
diff changeset
170 advisory="http://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html"
472
7054e1c9c9c2 Added CVE ID to the latest security advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 458
diff changeset
171 cve="2012-1180"
445
86d441d817dd nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents: 247
diff changeset
172 good="1.1.17+, 1.0.14+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
173 vulnerable="0.1.0-1.1.16">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
174 <patch name="patch.2012.memory.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
175 </item>
445
86d441d817dd nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents: 247
diff changeset
176
488
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
177 <item name="Buffer overflow in resolver"
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
178 severity="medium"
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
179 cve="2011-4315"
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
180 good="1.1.8+, 1.0.10+"
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
181 vulnerable="0.6.18-1.1.7" />
78ab3599e1fe Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents: 487
diff changeset
182
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
183 <item name="Vulnerabilities with invalid UTF-8 sequence on Windows"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
184 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
185 cve="2010-2266"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
186 good="0.8.41+, 0.7.67+"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
187 vulnerable="nginx/Windows 0.7.52-0.8.40" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
188
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
189 <item name="Vulnerabilities with Windows file default stream"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
190 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
191 cve="2010-2263"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
192 good="0.8.40+, 0.7.66+"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
193 vulnerable="nginx/Windows 0.7.52-0.8.39" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
194
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
195 <item name="Vulnerabilities with Windows 8.3 filename pseudonyms"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
196 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
197 core="CORE-2010-0121"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
198 href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
199 good="0.8.33+, 0.7.65+"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
200 vulnerable="nginx/Windows 0.7.52-0.8.32" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
201
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
202 <item name="An error log data are not sanitized"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
203 severity="none"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
204 cve="2009-4487"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
205 good="none"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
206 vulnerable="all" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
207
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
208 <item name="The renegotiation vulnerability in SSL protocol"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
209 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
210 cert="120541"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
211 cve="2009-3555"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
212 good="0.8.23+, 0.7.64+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
213 vulnerable="0.1.0-0.8.22">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
214 <patch name="patch.cve-2009-3555.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
215 </item>
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
216
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
217 <item name="Directory traversal vulnerability"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
218 severity="minor"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
219 cve="2009-3898"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
220 good="0.8.17+, 0.7.63+"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
221 vulnerable="0.1.0-0.8.16" />
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
222
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
223 <item name="Buffer underflow vulnerability"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
224 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
225 cert="180065"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
226 cve="2009-2629"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
227 good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
228 vulnerable="0.1.0-0.8.14">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
229 <patch name="patch.180065.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
230 </item>
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
231
123
7db449e89e92 Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents: 50
diff changeset
232 <item name="Null pointer dereference vulnerability"
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
233 severity="major"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
234 cve="2009-3896"
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
235 good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+"
901
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
236 vulnerable="0.1.0-0.8.13">
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
237 <patch name="patch.null.pointer.txt" />
8f674c48b879 Security advisories: advisory link and several patches per advisory.
Ruslan Ermilov <ru@nginx.com>
parents: 899
diff changeset
238 </item>
0
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
239
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
240 </security>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
241
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
242 </section>
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
243
61e04fc01027 Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff changeset
244 </article>