Mercurial > hg > nginx-site

diff xml/en/security_advisories.xml @ 901:8f674c48b879

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Security advisories: advisory link and several patches per advisory.
author Ruslan Ermilov <ru@nginx.com>
date Wed, 08 May 2013 18:22:23 +0400
parents 012feca3d85f
children 22bd9315e047
line wrap: on
line diff
--- a/xml/en/security_advisories.xml	Wed May 08 07:11:47 2013 +0000
+++ b/xml/en/security_advisories.xml	Wed May 08 18:22:23 2013 +0400
@@ -26,10 +26,12 @@
 
 <item name="Stack-based buffer overflow with specially crafted request"
       severity="major"
+      advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
       cve="2013-2028"
       good="1.5.0+, 1.4.1+"
-      vulnerable="1.3.9-1.4.0"
-      patch="patch.2013.chunked.txt" />
+      vulnerable="1.3.9-1.4.0">
+<patch name="patch.2013.chunked.txt" />
+</item>
 
 <item name="Vulnerabilities with Windows directory aliases"
       severity="medium"
@@ -41,15 +43,17 @@
       severity="major"
       cve="2012-2089"
       good="1.1.19+, 1.0.15+"
-      vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14"
-      patch="patch.2012.mp4.txt" />
+      vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14">
+<patch name="patch.2012.mp4.txt" />
+</item>
 
 <item name="Memory disclosure with specially crafted backend responses"
       severity="major"
       cve="2012-1180"
       good="1.1.17+, 1.0.14+"
-      vulnerable="0.1.0-1.1.16"
-      patch="patch.2012.memory.txt" />
+      vulnerable="0.1.0-1.1.16">
+<patch name="patch.2012.memory.txt" />
+</item>
 
 <item name="Buffer overflow in resolver"
       severity="medium"
@@ -87,8 +91,9 @@
       cert="120541"
       cve="2009-3555"
       good="0.8.23+, 0.7.64+"
-      vulnerable="0.1.0-0.8.22"
-      patch="patch.cve-2009-3555.txt" />
+      vulnerable="0.1.0-0.8.22">
+<patch name="patch.cve-2009-3555.txt" />
+</item>
 
 <item name="Directory traversal vulnerability"
       severity="minor"
@@ -101,15 +106,17 @@
       cert="180065"
       cve="2009-2629"
       good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+"
-      vulnerable="0.1.0-0.8.14"
-      patch="patch.180065.txt" />
+      vulnerable="0.1.0-0.8.14">
+<patch name="patch.180065.txt" />
+</item>
 
 <item name="Null pointer dereference vulnerability"
       severity="major"
       cve="2009-3896"
       good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+"
-      vulnerable="0.1.0-0.8.13"
-      patch="patch.null.pointer.txt" />
+      vulnerable="0.1.0-0.8.13">
+<patch name="patch.null.pointer.txt" />
+</item>
 
 </security>