I know that at the very least, Precise, Quantal, Raring, Saucy, and Trusty are affected by this bug. I believe that Lucid may also be affected and I will have to look into that to confirm.
I have asked Colin Watson (cjwatson) to merge 1.4.4-2 from Debian to Trusty, as 1.4.4-2 contains the fix for this, as well as other Debian bugfixes. I have the diff from Debian git (see http://anonscm.debian.org/gitweb/?p =collab- maint/nginx.git;a=commitdiff_plain;h=3a4f08671c87b7fc89e077542edfd6eb651f1803 for the diff) that applies a fix for this, and will nit-pick the specific changes from this for the security fixes for the affected Ubuntu versions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1193445 Title: Directory /var/log/nginx is world readable [CVE-2013-0337] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1193445/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
