** Changed in: hardy-backports
Status: Confirmed = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages in hardy/hardy-backports allow null-byte
** Branch linked: lp:ubuntu/hardy-backports/nginx
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages in hardy/hardy-backports allow null-byte vulnerability
in certain
uploading, sorry for the delays
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages in hardy/hardy-backports allow null-byte vulnerability
in certain configurations
To
Ack from ubuntu-backporters. Uploaded to hardy/unapproved now.
Thanks for the patches Neal :-)
** Changed in: hardy-backports
Status: New = Incomplete
** Changed in: hardy-backports
Status: Incomplete = Confirmed
--
You received this bug notification because you are a member of
Jamie, is this still waiting on me to do something?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages in hardy/hardy-backports allow null-byte vulnerability
in
Neal, could you respond on Scott's question in comment #5?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages in hardy/hardy-backports allow null-byte vulnerability
I though I did in comment #7. Let me know if what I did is sufficient
(and if it isn't, what else I should do).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages in
FYI, the details have been published at
https://nealpoole.com/blog/2011/08/possible-arbitrary-code-execution-
with-null-bytes-php-and-old-versions-of-nginx/
Chinese hackers appear to be particularly interested in this
vulnerability. I would recommend trying to release a patched version
ASAP.
--
Unsubscribing ubuntu-security-sponsors, since the backports team will
take care of the backport in Hardy. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages
ACK on the hardy debdiff, looks good. Thanks!
The package has been uploaded for building and will be released today.
For hardy-backports, the process is different, I'll ask someone from the
backports team to comment here.
** Changed in: nginx (Ubuntu)
Status: Confirmed = Fix Committed
--
For hardy-backports, if you can test that the package, as modified,
builds, installs, and runs (that is at least starts, it needn't be
extensive), we can get the fix in backports too.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug
** Also affects: hardy-backports
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages in hardy/hardy-backports allow
This bug was fixed in the package nginx - 0.5.33-1ubuntu0.2
---
nginx (0.5.33-1ubuntu0.2) hardy-security; urgency=low
* SECURITY UPDATE:
- Merge r3528 from upstream repository to mitigate
potential null byte vulnerability (LP: #803720)
-- Neal Poole
** Branch linked: lp:ubuntu/hardy-security/nginx
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/803720
Title:
nginx packages in hardy/hardy-backports allow null-byte vulnerability
in
Ran the following commands for the hardy-backports code:
./configure --prefix=/home/nbpoole/nginx/nginx-dev
make
make install
sudo ./sbin/nginx -c ~/nginx/nginx-dev/conf/nginx.conf
Server started up just fine. I tested it very briefly: it served up the
requests (and returned a 400 error when the
Alright. I've generated debdiffs for the relevant packages based on the
original nginx patch for the 0.7 branch. Although the nginx patch did
not apply cleanly to either branch, I did my best to make sure all the
relevant code paths were updated. Please let me know if I've messed
something up or
Now attaching the debdiff for the hardy-backports package. I may have
mangled the version string in this debdiff: I wasn't sure which part of
the version I should be incrementing.
** Patch added: debdiff for hardy-backports nginx
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
posting a debdiff for this issue. When a debdiff is available, members
of the security
18 matches
Mail list logo