*** This bug is a security vulnerability *** Public security bug reported:
This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present. Per upstream, nginx versions 1.1.4 and higher are affected. As such, Precise, Quantal, and Raring are affected. Saucy has already received this fix as part of the 1.4.1-1 merge (bug 1177919). This is tracked on the Ubuntu Security Team CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html The upstream patch for this is located at http://nginx.org/download/patch.2013.proxy.txt This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu. (Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.) ** Affects: nginx (Ubuntu) Importance: Medium Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-2070 ** Description changed: This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present. - Per upstream, nginx versions 1.1.4 and higher are affected. - - Saucy has already received this fix as part of the 1.4.1-1 merge, as - per bug 1177919. + Per upstream, nginx versions 1.1.4 and higher are affected. As such, + Precise, Quantal, and Raring are affected. Saucy has already received + this fix as part of the 1.4.1-1 merge (bug 1177919). This is tracked on the Ubuntu Security Team CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html The upstream patch for this is located at http://nginx.org/download/patch.2013.proxy.txt This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu. (Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1182586 Title: CVE-2013-2070: nginx proxy_pass buffer overflow vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
