I just saw something strange on http://nginx.org/en/security_advisories.html : "An error log data are not sanitized Severity: none CVE-2009-4487 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4487> Not vulnerable: none Vulnerable: all"
Severity is labelled as 'None', though the CVE talks, among other stuff, about 'arbitrary commands and file write'. Is your advisories page wrong? Is the CVE wrong? Has this been solved? --- *B. R.*
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx