Mercurial > hg > nginx-site

view xml/en/security_advisories.xml @ 447:f717705f5442

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed pgp keys link.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 15 Mar 2012 18:32:11 +0000
parents 86d441d817dd
children ab9453c6b9c6
line wrap: on
line source

<!DOCTYPE article SYSTEM "../../dtd/article.dtd">

<article name="nginx security advisories"
         link="/en/security_advisories.html"
         lang="en">

<section>

<para>
<link doc="pgp_keys.xml">PGP public keys</link>
</para>

<security>

<item name="Memory disclosure with specially crafted backend responses"
      severity="major"
      good="1.1.17+, 1.0.14+"
      vulnerable="0.1.0-1.1.16"
      patch="patch.2012.memory.txt" />

<item name="Vulnerabilities with invalid UTF-8 sequence on Windows"
      severity="major"
      cve="2010-2266"
      good="0.8.41+, 0.7.67+"
      vulnerable="nginx/Windows 0.7.52-0.8.40" />

<item name="Vulnerabilities with Windows file default stream"
      severity="major"
      cve="2010-2263"
      good="0.8.40+, 0.7.66+"
      vulnerable="nginx/Windows 0.7.52-0.8.39" />

<item name="Vulnerabilities with Windows 8.3 filename pseudonyms"
      severity="major"
      core="CORE-2010-0121"
      href="http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities"
      good="0.8.33+, 0.7.65+"
      vulnerable="nginx/Windows 0.7.52-0.8.32" />

<item name="An error log data are not sanitized"
      severity="none"
      cve="2009-4487"
      good="none"
      vulnerable="all" />

<item name="The renegotiation vulnerability in SSL protocol"
      severity="major"
      cert="120541"
      cve="2009-3555"
      good="0.8.23+, 0.7.64+"
      vulnerable="0.1.0-0.8.22"
      patch="patch.cve-2009-3555.txt" />

<item name="Directory traversal vulnerability"
      severity="minor"
      cve="2009-3898"
      good="0.8.17+, 0.7.63+"
      vulnerable="0.1.0-0.8.16" />

<item name="Buffer underflow vulnerability"
      severity="major"
      cert="180065"
      cve="2009-2629"
      good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+"
      vulnerable="0.1.0-0.8.14"
      patch="patch.180065.txt" />

<item name="Null pointer dereference vulnerability"
      severity="major"
      cve="2009-3896"
      good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+"
      vulnerable="0.1.0-0.8.13"
      patch="patch.null.pointer.txt" />

</security>

</section>

</article>