*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):

This is related to LP #783508. After more investigation, I've concluded that the issue identified in #783508 affects nginx 0.5, 0.6, 0.7 < 0.7.66, and 0.8 < 0.8.38. The nginx packages in hardy and hardy-backports are based off of the 0.5 and 0.6 branches of nginx (respectively) which means they're vulnerable.

I've reported this issue upstream as well as to Red Hat (see https://bugzilla.redhat.com/show_bug.cgi?id=717078).

I attempted to build a debdiff for the 0.5 branch by applying the relevant changeset from the nginx SVN repository. However, the changeset patch does not apply properly given the differences between the 0.5 and 0.7 branches of nginx. I am not confident in my ability to provide a patch for this issue without potentially breaking the application.

** Affects: nginx (Ubuntu)
   Importance: Undecided
   Status: New

--
nginx packages in hardy/hardy-backports allow null-byte vulnerability in certain configurations
https://bugs.launchpad.net/bugs/803720
