comparison xml/en/security_advisories.xml @ 901:8f674c48b879

Security advisories: advisory link and several patches per advisory.
author Ruslan Ermilov <ru@nginx.com>
date Wed, 08 May 2013 18:22:23 +0400
parents 012feca3d85f
children 22bd9315e047
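--- a/xml/en/security_advisories.xml
+++ b/xml/en/security_advisories.xml
@@ -24,14 +24,16 @@
 
 <security>
 
 <item name="Stack-based buffer overflow with specially crafted request"
 severity="major"
+advisory="http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html"
 cve="2013-2028"
 good="1.5.0+, 1.4.1+"
-vulnerable="1.3.9-1.4.0"
-patch="patch.2013.chunked.txt" />
+vulnerable="1.3.9-1.4.0">
+<patch name="patch.2013.chunked.txt" />
+</item>
 
 <item name="Vulnerabilities with Windows directory aliases"
 severity="medium"
 cve="2011-4963"
 good="1.3.1+, 1.2.1+"
@@ -39,19 +41,21 @@
 
 <item name="Buffer overflow in the ngx_http_mp4_module"
 severity="major"
 cve="2012-2089"
 good="1.1.19+, 1.0.15+"
-vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14"
-patch="patch.2012.mp4.txt" />
+vulnerable="1.1.3-1.1.18, 1.0.7-1.0.14">
+<patch name="patch.2012.mp4.txt" />
+</item>
 
 <item name="Memory disclosure with specially crafted backend responses"
 severity="major"
 cve="2012-1180"
 good="1.1.17+, 1.0.14+"
-vulnerable="0.1.0-1.1.16"
-patch="patch.2012.memory.txt" />
+vulnerable="0.1.0-1.1.16">
+<patch name="patch.2012.memory.txt" />
+</item>
 
 <item name="Buffer overflow in resolver"
 severity="medium"
 cve="2011-4315"
 good="1.1.8+, 1.0.10+"
@@ -85,12 +89,13 @@
 <item name="The renegotiation vulnerability in SSL protocol"
 severity="major"
 cert="120541"
 cve="2009-3555"
 good="0.8.23+, 0.7.64+"
-vulnerable="0.1.0-0.8.22"
-patch="patch.cve-2009-3555.txt" />
+vulnerable="0.1.0-0.8.22">
+<patch name="patch.cve-2009-3555.txt" />
+</item>
 
 <item name="Directory traversal vulnerability"
 severity="minor"
 cve="2009-3898"
 good="0.8.17+, 0.7.63+"
@@ -99,19 +104,21 @@
 <item name="Buffer underflow vulnerability"
 severity="major"
 cert="180065"
 cve="2009-2629"
 good="0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+"
-vulnerable="0.1.0-0.8.14"
-patch="patch.180065.txt" />
+vulnerable="0.1.0-0.8.14">
+<patch name="patch.180065.txt" />
+</item>
 
 <item name="Null pointer dereference vulnerability"
 severity="major"
 cve="2009-3896"
 good="0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+"
-vulnerable="0.1.0-0.8.13"
-patch="patch.null.pointer.txt" />
+vulnerable="0.1.0-0.8.13">
+<patch name="patch.null.pointer.txt" />
+</item>
 
 </security>
 
 </section>
 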
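Review bot: The new `advisory` attribute on the CVE-2013-2028 item uses an `http://` URL, so the page that tells readers which release or patch fixes the overflow is fetched without transport integrity; if the list archive is served over TLS, use `advisory="https://…"` instead. Moving `patch="…"` from an attribute to `<patch name="…" />` children also changes the `item` schema for the six entries touched here. The DTD and stylesheet that consume `item` are not visible in this comparison, so confirm they change in the same changeset, since a renderer still reading the old `patch` attribute would presumably drop the patch links without any error. A short XML comment above `<security>` stating that an item may carry zero or more `<patch>` children and an optional `advisory` link would document the new shape for the next editor.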