Mercurial > hg > nginx-vendor-1-0
diff CHANGES @ 650:f0a8697979af NGINX_1_0_15
nginx 1.0.15
*) Security: specially crafted mp4 file might allow to overwrite memory
locations in a worker process if the ngx_http_mp4_module was used,
potentially resulting in arbitrary code execution (CVE-2012-2089).
Thanks to Matthew Daley.
*) Bugfix: in the ngx_http_mp4_module.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Thu, 12 Apr 2012 00:00:00 +0400 |
parents | fa9b9e42035e |
children |
line wrap: on
line diff
--- a/CHANGES +++ b/CHANGES @@ -1,4 +1,14 @@ +Changes with nginx 1.0.15 12 Apr 2012 + + *) Security: specially crafted mp4 file might allow to overwrite memory + locations in a worker process if the ngx_http_mp4_module was used, + potentially resulting in arbitrary code execution (CVE-2012-2089). + Thanks to Matthew Daley. + + *) Bugfix: in the ngx_http_mp4_module. + + Changes with nginx 1.0.14 15 Mar 2012 *) Security: content of previously freed memory might be sent to a