Source: nginx Version: 1.6.2-5 Severity: grave Tags: security Justification: user security hole Control: fixed -1 1.6.2-5+deb8u3
Hi, the following vulnerability was published for nginx. This bug is to track the CVE-2016-1247 as well in the Debian BTS. CVE-2016-1247[0]: www-data to root privilege escalation via log file handling If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-1247 Regards, Salvatore