nginx security update
Rodrigo OSORIO
rodrigo at bebik.net
Fri Apr 13 12:57:55 UTC 2012
Hi,
A new entry seems to be needed in the vuxml database to report this
new security issue for both nginx < 1.0.5 and nginx-dev < 1.1.19.
Regards,
Rodrigo OSORIO
On 13/04/12 12:11 +0000, Sergey A. Osokin wrote:
> osa 2012-04-13 12:11:04 UTC
>
> FreeBSD ports repository
>
> Modified files:
> www/nginx Makefile distinfo
> Log:
> Security update from 1.0.14 to 1.0.15.
>
> <ChangeLog>
>
> *) Security: specially crafted mp4 file might allow to overwrite memory
> locations in a worker process if the ngx_http_mp4_module was used,
> potentially resulting in arbitrary code execution (CVE-2012-2089).
> Thanks to Matthew Daley.
>
> *) Bugfix: in the ngx_http_mp4_module.
>
> </ChangeLog>
>
> Revision Changes Path
> 1.318 +1 -1 ports/www/nginx/Makefile
> 1.276 +2 -2 ports/www/nginx/distinfo
> _______________________________________________
> cvs-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/cvs-ports
> To unsubscribe, send any mail to "cvs-ports-unsubscribe at freebsd.org"
----- End forwarded message -----
More information about the freebsd-ports
mailing list