Mercurial > hg > nginx-site

diff xml/en/security_advisories.xml @ 2272:3fa4584907b8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
nginx-1.15.6, nginx-1.14.1
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 06 Nov 2018 17:51:30 +0300
parents cf8d95bfcf72
children 626533759806
line wrap: on
line diff
--- a/xml/en/security_advisories.xml	Wed Oct 31 20:56:02 2018 +0300
+++ b/xml/en/security_advisories.xml	Tue Nov 06 17:51:30 2018 +0300
@@ -24,6 +24,28 @@
 
 <security>
 
+<item name="Excessive memory usage in HTTP/2"
+      severity="low"
+      cve="2018-16843"
+      good="1.15.6+, 1.14.1+"
+      vulnerable="1.9.5-1.15.5">
+</item>
+
+<item name="Excessive CPU usage in HTTP/2"
+      severity="low"
+      cve="2018-16844"
+      good="1.15.6+, 1.14.1+"
+      vulnerable="1.9.5-1.15.5">
+</item>
+
+<item name="Memory disclosure in the ngx_http_mp4_module"
+      severity="medium"
+      cve="2018-16845"
+      good="1.15.6+, 1.14.1+"
+      vulnerable="1.1.3-1.15.5, 1.0.7-1.0.15">
+<patch name="patch.2018.mp4.txt" />
+</item>
+
 <item name="Integer overflow in the range filter"
       severity="medium"
       advisory="http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"