Mercurial > hg > nginx-site
changeset 1715:ce35c4764409
nginx-1.11.1, nginx-1.10.1
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 31 May 2016 17:17:05 +0300 |
parents | 26f75ea49876 |
children | ecea2f0d22b6 |
files | text/en/CHANGES text/en/CHANGES-1.10 text/ru/CHANGES.ru text/ru/CHANGES.ru-1.10 xml/en/security_advisories.xml xml/index.xml xml/versions.xml |
diffstat | 7 files changed, 52 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/text/en/CHANGES +++ b/text/en/CHANGES @@ -1,4 +1,11 @@ +Changes with nginx 1.11.1 31 May 2016 + + *) Security: a segmentation fault might occur in a worker process while + writing a specially crafted request body to a temporary file + (CVE-2016-4450); the bug had appeared in 1.3.9. + + Changes with nginx 1.11.0 24 May 2016 *) Feature: the "transparent" parameter of the "proxy_bind",
--- a/text/en/CHANGES-1.10 +++ b/text/en/CHANGES-1.10 @@ -1,4 +1,11 @@ +Changes with nginx 1.10.1 31 May 2016 + + *) Security: a segmentation fault might occur in a worker process while + writing a specially crafted request body to a temporary file + (CVE-2016-4450); the bug had appeared in 1.3.9. + + Changes with nginx 1.10.0 26 Apr 2016 *) 1.10.x stable branch.
--- a/text/ru/CHANGES.ru +++ b/text/ru/CHANGES.ru @@ -1,4 +1,11 @@ +Изменения в nginx 1.11.1 31.05.2016 + + *) Безопасность: при записи тела специально созданного запроса во + временный файл в рабочем процессе мог происходить segmentation fault + (CVE-2016-4450); ошибка появилась в 1.3.9. + + Изменения в nginx 1.11.0 24.05.2016 *) Добавление: параметр transparent директив proxy_bind, fastcgi_bind,
--- a/text/ru/CHANGES.ru-1.10 +++ b/text/ru/CHANGES.ru-1.10 @@ -1,4 +1,11 @@ +Изменения в nginx 1.10.1 31.05.2016 + + *) Безопасность: при записи тела специально созданного запроса во + временный файл в рабочем процессе мог происходить segmentation fault + (CVE-2016-4450); ошибка появилась в 1.3.9. + + Изменения в nginx 1.10.0 26.04.2016 *) Стабильная ветка 1.10.x.
--- a/xml/en/security_advisories.xml +++ b/xml/en/security_advisories.xml @@ -24,6 +24,16 @@ Patches are signed using one of the <security> +<item name="NULL pointer dereference while writing client request body" + severity="medium" + advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/" + cve="2016-4450" + good="1.11.1+, 1.10.1+" + vulnerable="1.3.9-1.11.0"> +<patch name="patch.2016.write.txt" versions="1.9.13-1.11.0" /> +<patch name="patch.2016.write2.txt" versions="1.3.9-1.9.12" /> +</item> + <item name="Invalid pointer dereference in resolver" severity="medium" advisory="http://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"
--- a/xml/index.xml +++ b/xml/index.xml @@ -7,6 +7,18 @@ <news name="nginx news" link="/" lang="en"> +<event date="2016-05-31"> +<para> +<link doc="en/download.xml">nginx-1.10.1</link> +stable and +<link doc="en/download.xml">nginx-1.11.1</link> +mainline versions have been released +with a fix for the +<link doc="en/security_advisories.xml">NULL pointer dereference while +writing client request body</link> vulnerability (CVE-2016-4450). +</para> +</event> + <event date="2016-05-24"> <para> <link doc="en/download.xml">nginx-1.11.0</link>
--- a/xml/versions.xml +++ b/xml/versions.xml @@ -9,6 +9,7 @@ <download tag="mainline" changes=""> +<item ver="1.11.1" /> <item ver="1.11.0" /> </download> @@ -16,6 +17,7 @@ <download tag="stable" changes="1.10"> +<item ver="1.10.1" /> <item ver="1.10.0" /> <item ver="1.9.15" /> <item ver="1.9.14" />