diff -Nru nginx-1.1.19/debian/changelog nginx-1.1.19/debian/changelog
--- nginx-1.1.19/debian/changelog 2013-10-10 09:48:26.000000000 +0000
+++ nginx-1.1.19/debian/changelog 2013-11-22 02:44:55.000000000 +0000
@@ -1,3 +1,13 @@
+nginx (1.1.19-1ubuntu0.5) precise-security; urgency=low
+
+ * SECURITY UPDATE: ACL bypass via space character (LP: #1253691)
+ - debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c
+ to account for a space character, fixing an issue which could result in
+ security restrictions being bypassed
+ - CVE-2013-4547
+
+ -- Thomas Ward Thu, 21 Nov 2013 13:02:22 -0500
+
 nginx (1.1.19-1ubuntu0.4) precise; urgency=low
 
 [ Thomas Ward ]
diff -Nru nginx-1.1.19/debian/patches/cve-2013-4547.patch nginx-1.1.19/debian/patches/cve-2013-4547.patch
--- nginx-1.1.19/debian/patches/cve-2013-4547.patch 1970-01-01 00:00:00.000000000 +0000
+++ nginx-1.1.19/debian/patches/cve-2013-4547.patch 2013-11-21 20:04:17.000000000 +0000
@@ -0,0 +1,21 @@
+Description: CVE-2013-4547 - Fix an issue in which an attacker may be able to bypass security restrictions on certain configurations with specially crafted requests.
+Origin: upstream http://nginx.org/download/patch.2013.space.txt
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1253691
+--- a/src/http/ngx_http_parse.c
++++ b/src/http/ngx_http_parse.c
+@@ -617,6 +617,7 @@ ngx_http_parse_request_line(ngx_http_req
+ default:
+ r->space_in_uri = 1;
+ state = sw_check_uri;
++ p--;
+ break;
+ }
+ break;
+@@ -670,6 +671,7 @@ ngx_http_parse_request_line(ngx_http_req
+ default:
+ r->space_in_uri = 1;
+ state = sw_uri;
++ p--;
+ break;
+ }
+ break;
diff -Nru nginx-1.1.19/debian/patches/series nginx-1.1.19/debian/patches/series
--- nginx-1.1.19/debian/patches/series 2013-05-28 19:29:55.000000000 +0000
+++ nginx-1.1.19/debian/patches/series 2013-11-21 20:04:17.000000000 +0000
@@ -1,3 +1,4 @@
 perl-use-dpkg-buildflags.patch
 uri_segfault_fix_LP1065555.patch
 cve-2013-2070.patch
+cve-2013-4547.patch
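Review bot: The two added `p--;` lines (in the `default:` arms that set `state = sw_check_uri` and `state = sw_uri`) are the whole fix, yet nothing in the patch says why the pointer steps back, so they read like an off-by-one. The intent appears to be that the byte following an unescaped space is parsed again by the state being restored, rather than being consumed here after only this switch's checks. That depends on the loop in `ngx_http_parse_request_line` advancing `p` after the switch, which is outside the hunk. To keep the C change identical to the upstream patch, I would record this in the DEP-3 header rather than in the source, e.g. a continuation line ` The byte after an unescaped space is re-parsed in sw_check_uri/sw_uri so its checks are not skipped.` under `Description:`. The `Origin:` field also lacks the comma DEP-3 expects: `Origin: upstream, http://nginx.org/download/patch.2013.space.txt`.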