Mercurial > hg > nginx-site
annotate xml/en/security_advisories.xml @ 721:81ad082bc837
Simplified things by including books.xslt, download.xslt and security.xslt
into article.xslt, and always using article.xslt to generate HTMLs. While
here, moved versions.xml from common dependencies to article dependencies.
Fixed menu in 404.html by applying templates from menu.xslt, and fixed its
dependency on DTD.
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Fri, 12 Oct 2012 09:10:31 +0000 |
| parents | 764fbac1b8b4 |
| children | 012feca3d85f |
| rev | line source |
|---|---|
|
580
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
1 <!-- |
|
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
2 Copyright (C) Igor Sysoev |
|
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
3 Copyright (C) Nginx, Inc. |
|
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
4 --> |
|
be54c443235a
Added copyright markers to documentation sources.
Ruslan Ermilov <ru@nginx.com>
parents:
525
diff
changeset
|
5 |
| 50 | 6 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
7 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
8 <article name="nginx security advisories" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
9 link="/en/security_advisories.html" |
| 589 | 10 lang="en" |
| 11 rev="1"> | |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
12 |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
13 <section> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
14 |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
15 <para> |
|
457
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
16 All nginx security issues should be reported to |
|
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
17 <link url="mailto:security-alert@nginx.org">security-alert@nginx.org</link>. |
|
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
18 </para> |
|
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
19 |
|
ab9453c6b9c6
A contact email for the security issues added.
Maxim Konovalov <maxim@nginx.com>
parents:
447
diff
changeset
|
20 <para> |
|
458
cdf45fe0d9de
Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
457
diff
changeset
|
21 Patches are signed using one of the |
|
cdf45fe0d9de
Made the link to PGP public keys read as a full sentence.
Ruslan Ermilov <ru@nginx.com>
parents:
457
diff
changeset
|
22 <link doc="pgp_keys.xml">PGP public keys</link>. |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
23 </para> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
24 |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
25 <security> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
26 |
|
525
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
27 <item name="Vulnerabilities with Windows directory aliases" |
|
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
28 severity="medium" |
|
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
29 cve="2011-4963" |
|
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
30 good="1.3.1+, 1.2.1+" |
|
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
31 vulnerable="nginx/Windows 0.7.52-1.3.0" /> |
|
1dca638da1eb
Win32 security issue added.
Maxim Dounin <mdounin@mdounin.ru>
parents:
488
diff
changeset
|
32 |
|
487
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
33 <item name="Buffer overflow in the ngx_http_mp4_module" |
|
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
34 severity="major" |
|
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
35 cve="2012-2089" |
|
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
36 good="1.1.19+, 1.0.15+" |
|
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
37 vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14" |
|
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
38 patch="patch.2012.mp4.txt" /> |
|
2406529bc838
nginx-1.1.19, nginx-1.0.15
Maxim Dounin <mdounin@mdounin.ru>
parents:
472
diff
changeset
|
39 |
|
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
40 <item name="Memory disclosure with specially crafted backend responses" |
|
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
41 severity="major" |
|
472
7054e1c9c9c2
Added CVE ID to the latest security advisory.
Ruslan Ermilov <ru@nginx.com>
parents:
458
diff
changeset
|
42 cve="2012-1180" |
|
445
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
43 good="1.1.17+, 1.0.14+" |
|
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
44 vulnerable="0.1.0-1.1.16" |
|
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
45 patch="patch.2012.memory.txt" /> |
|
86d441d817dd
nginx-1.1.17, nginx-1.0.14
Maxim Dounin <mdounin@mdounin.ru>
parents:
247
diff
changeset
|
46 |
|
488
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
47 <item name="Buffer overflow in resolver" |
|
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
48 severity="medium" |
|
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
49 cve="2011-4315" |
|
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
50 good="1.1.8+, 1.0.10+" |
|
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
51 vulnerable="0.6.18-1.1.7" /> |
|
78ab3599e1fe
Added CVE-2011-4315 (buffer overflow in resolver).
Maxim Dounin <mdounin@mdounin.ru>
parents:
487
diff
changeset
|
52 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
53 <item name="Vulnerabilities with invalid UTF-8 sequence on Windows" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
54 severity="major" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
55 cve="2010-2266" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
56 good="0.8.41+, 0.7.67+" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
57 vulnerable="nginx/Windows 0.7.52-0.8.40" /> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
58 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
59 <item name="Vulnerabilities with Windows file default stream" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
60 severity="major" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
61 cve="2010-2263" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
62 good="0.8.40+, 0.7.66+" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
63 vulnerable="nginx/Windows 0.7.52-0.8.39" /> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
64 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
65 <item name="Vulnerabilities with Windows 8.3 filename pseudonyms" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
66 severity="major" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
67 core="CORE-2010-0121" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
68 href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
69 good="0.8.33+, 0.7.65+" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
70 vulnerable="nginx/Windows 0.7.52-0.8.32" /> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
71 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
72 <item name="An error log data are not sanitized" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
73 severity="none" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
74 cve="2009-4487" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
75 good="none" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
76 vulnerable="all" /> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
77 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
78 <item name="The renegotiation vulnerability in SSL protocol" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
79 severity="major" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
80 cert="120541" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
81 cve="2009-3555" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
82 good="0.8.23+, 0.7.64+" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
83 vulnerable="0.1.0-0.8.22" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
84 patch="patch.cve-2009-3555.txt" /> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
85 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
86 <item name="Directory traversal vulnerability" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
87 severity="minor" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
88 cve="2009-3898" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
89 good="0.8.17+, 0.7.63+" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
90 vulnerable="0.1.0-0.8.16" /> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
91 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
92 <item name="Buffer underflow vulnerability" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
93 severity="major" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
94 cert="180065" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
95 cve="2009-2629" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
96 good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
97 vulnerable="0.1.0-0.8.14" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
98 patch="patch.180065.txt" /> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
99 |
|
123
7db449e89e92
Unified the use of the "name" attribute instead of "title".
Ruslan Ermilov <ru@nginx.com>
parents:
50
diff
changeset
|
100 <item name="Null pointer dereference vulnerability" |
|
0
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
101 severity="major" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
102 cve="2009-3896" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
103 good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
104 vulnerable="0.1.0-0.8.13" |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
105 patch="patch.null.pointer.txt" /> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
106 |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
107 </security> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
108 |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
109 </section> |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
110 |
|
61e04fc01027
Initial import of the nginx.org website.
Ruslan Ermilov <ru@nginx.com>
parents:
diff
changeset
|
111 </article> |