changeset 904:22bd9315e047
nginx-1.2.9
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 13 May 2013 15:23:37 +0400 |
parents | 8ceb504cdb99 |
children | f0b851313106 |
files | text/en/CHANGES-1.2 text/ru/CHANGES.ru-1.2 xml/en/security_advisories.xml xml/index.xml |
diffstat | 4 files changed, 33 insertions(+), 0 deletions(-) [+] |
--- a/text/en/CHANGES-1.2 Mon May 13 07:37:59 2013 +0000 +++ b/text/en/CHANGES-1.2 Mon May 13 15:23:37 2013 +0400 @@ -1,4 +1,11 @@ +Changes with nginx 1.2.9 13 May 2013 + + *) Security: contents of worker process memory might be sent to a client + if HTTP backend returned specially crafted response (CVE-2013-2070); + the bug had appeared in 1.1.4. + + Changes with nginx 1.2.8 02 Apr 2013 *) Bugfix: new sessions were not always stored if the "ssl_session_cache
--- a/text/ru/CHANGES.ru-1.2 Mon May 13 07:37:59 2013 +0000 +++ b/text/ru/CHANGES.ru-1.2 Mon May 13 15:23:37 2013 +0400 @@ -1,4 +1,11 @@ +Изменения в nginx 1.2.9 13.05.2013 + + *) Безопасность: содержимое памяти рабочего процесса могло быть + отправлено клиенту, если HTTP-бэкенд возвращал специально созданный + ответ (CVE-2013-2070); ошибка появилась в 1.1.4. + + Изменения в nginx 1.2.8 02.04.2013 *) Исправление: при использовании директивы "ssl_session_cache shared"
--- a/xml/en/security_advisories.xml Mon May 13 07:37:59 2013 +0000 +++ b/xml/en/security_advisories.xml Mon May 13 15:23:37 2013 +0400 @@ -24,6 +24,15 @@ <security> +<item name="Memory disclosure with specially crafted http backend responses" + severity="medium" + cve="2013-2070" + good="1.5.0+, 1.4.1+, 1.2.9+" + vulnerable="1.1.4-1.2.8, 1.3.9-1.4.0"> +<patch name="patch.2013.chunked.txt" versions="1.3.9-1.4.0" /> +<patch name="patch.2013.proxy.txt" versions="1.1.4-1.2.8" /> +</item> + <item name="Stack-based buffer overflow with specially crafted request" severity="major" advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
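Review bot: The new `<item>` for CVE-2013-2070 has no `advisory` attribute, whereas the stack-overflow item that follows it in this hunk links its nginx-announce post through `advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"`. As written, the entry gives operators the affected ranges and the two patch names but no pointer to the announcement text, which is where they would look for the conditions under which the disclosure occurs and for any interim mitigation. If an announcement exists for this issue, add `advisory="<URL of the nginx-announce post for CVE-2013-2070>"` after the `severity` line. Whether the attribute is optional depends on the page's DTD, which is not visible here, and the following item's attribute list continues past the end of the hunk.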
--- a/xml/index.xml Mon May 13 07:37:59 2013 +0000 +++ b/xml/index.xml Mon May 13 15:23:37 2013 +0400 @@ -7,6 +7,16 @@ <news name="nginx news" link="/" lang="en"> +<event date="2013-05-13"> +<para> +<link doc="en/download.xml">nginx-1.2.9</link> +legacy version has been released, +addressing the +<link doc="en/security_advisories.xml">information disclosure</link> +security problem in some previous nginx versions (CVE-2013-2070). +</para> +</event> + <event date="2013-05-07"> <para> <link doc="en/download.xml">nginx-1.4.1</link>