Mercurial > hg > nginx-site
diff xml/en/security_advisories.xml @ 901:8f674c48b879
Security advisories: advisory link and several patches per advisory.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Wed, 08 May 2013 18:22:23 +0400 |
parents | 012feca3d85f |
children | 22bd9315e047 |
line wrap: on
line diff
--- a/xml/en/security_advisories.xml Wed May 08 07:11:47 2013 +0000 +++ b/xml/en/security_advisories.xml Wed May 08 18:22:23 2013 +0400 @@ -26,10 +26,12 @@ <item name="Stack-based buffer overflow with specially crafted request" severity="major" + advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html" cve="2013-2028" good="1.5.0+, 1.4.1+" - vulnerable="1.3.9-1.4.0" - patch="patch.2013.chunked.txt" /> + vulnerable="1.3.9-1.4.0"> +<patch name="patch.2013.chunked.txt" /> +</item> <item name="Vulnerabilities with Windows directory aliases" severity="medium" @@ -41,15 +43,17 @@ severity="major" cve="2012-2089" good="1.1.19+, 1.0.15+" - vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14" - patch="patch.2012.mp4.txt" /> + vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14"> +<patch name="patch.2012.mp4.txt" /> +</item> <item name="Memory disclosure with specially crafted backend responses" severity="major" cve="2012-1180" good="1.1.17+, 1.0.14+" - vulnerable="0.1.0-1.1.16" - patch="patch.2012.memory.txt" /> + vulnerable="0.1.0-1.1.16"> +<patch name="patch.2012.memory.txt" /> +</item> <item name="Buffer overflow in resolver" severity="medium" @@ -87,8 +91,9 @@ cert="120541" cve="2009-3555" good="0.8.23+, 0.7.64+" - vulnerable="0.1.0-0.8.22" - patch="patch.cve-2009-3555.txt" /> + vulnerable="0.1.0-0.8.22"> +<patch name="patch.cve-2009-3555.txt" /> +</item> <item name="Directory traversal vulnerability" severity="minor" @@ -101,15 +106,17 @@ cert="180065" cve="2009-2629" good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+" - vulnerable="0.1.0-0.8.14" - patch="patch.180065.txt" /> + vulnerable="0.1.0-0.8.14"> +<patch name="patch.180065.txt" /> +</item> <item name="Null pointer dereference vulnerability" severity="major" cve="2009-3896" good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+" - vulnerable="0.1.0-0.8.13" - patch="patch.null.pointer.txt" /> + vulnerable="0.1.0-0.8.13"> +<patch name="patch.null.pointer.txt" /> +</item> </security>