-
nginx (1.2.1-2.2ubuntu0.2) quantal-security; urgency=low
* SECURITY UPDATE: ACL bypass via space character (LP: #1253691)
- debian/patches/cve-2013-4547.patch: modify src/http/ngx_http_parse.c
to account for a space character, fixing an issue which could result in
security restrictions being bypassed
- CVE-2013-4547
-- Thomas Ward <email address hidden> Thu, 21 Nov 2013 13:19:37 -0500
-
nginx (1.2.1-2.2ubuntu0.1) quantal-security; urgency=low
* Security update (closes LP: #1182586):
* Patch to fix a buffer overflow vulnerability (CVE-2013-2070)
-- Thomas Ward <email address hidden> Fri, 24 May 2013 12:37:12 -0400
-
nginx (1.2.1-2.2) unstable; urgency=low
* Non-maintainer upload.
* Fix "removes files that were installed by another package":
don't remove directories that are owned by (and removed from) nginx-common
from nginx-extras.postrm. This seems to have been the idea in commit e30a854
("Moved configuration purging to nginx-common.") except that it was added
in nginx-common.postrm without being removed in nginx-extras.postrm.
Remove nginx-extras.postrm since it's empty after this change.
(Closes: #681758)
-- gregor herrmann <email address hidden> Sat, 04 Aug 2012 18:13:10 +0200
-
nginx (1.2.1-2) unstable; urgency=medium
[Cyril Lavier]
* Urgency set to medium, security bug in naxsi module, fix via upstream.
* debian/modules/naxsi:
+ Updated naxsi module to version 0.46-1 fixing the following security
issue : potential file disclosure in nx_extract.
-- Cyril Lavier <email address hidden> Wed, 27 Jun 2012 13:52:03 +0200
-
nginx (1.2.0-1) unstable; urgency=low
[Cyril Lavier]
* New upstream release. (Closes: #670306)
+ 1.2.x is stable release now.
* debian/modules/chunkin-nginx-module:
+ Updated chunkin-nginx-module to v0.23rc2-3-g85eca98.
* debian/modules/headers-more-module:
+ Updated headers-more-module to v0.17rc1-4-g33a82ed.
* debian/modules/nginx-development-kit:
+ Updated nginx-development-kit to v0.2.17-7-g24202b4.
* debian/modules/nginx-echo:
+ Updated nginx-echo to v0.38rc2-7-g080c0a1.
* debian/modules/nginx-lua:
+ Updated nginx-lua to v0.5.0rc25-5-g8d28785.
* debian/modules/nginx-upstream-fair:
+ Updated nginx-upstream-fair to a18b409.
* debian/modules/nginx-upload-progress:
+ Updated nginx-upload-progress to v0.9.0-0-ga788dea.
* debian/modules/naxsi:
+ Updated naxsi to 0.46
* debian/modules/README.Modules-versions:
+ Updated versions and URLs for modules.
* debian/naxsi-ui-extract, debian/naxsi-ui-intercept,
debian/nginx-naxsi-ui.*, debian/naxsi-ui-extract.1,
debian/naxsi-ui-intercept.1, debian/rules:
+ Added nginx-naxsi-ui package containing the learning daemon
and the WebUI.
* debian/nginx-common.nginx.default, debian/nginx-common.nginx.init:
+ Renamed files to be compliant with the nginx-naxsi-ui package.
* debian/po:
+ Added needed files for using po-debconf.
+ Added French translation.
* debian/control:
+ Applied the modifications given after the review by Justin Rye.
[Michael Lustfield]
* debian/conf/uwsgi_params:
+ Added UWSGI_SCHEME to uwsgi_params. (Closes: #664878)
* debian/conf/sites-available/default:
+ Added allow directive for ipv6 localhost. (Closes: #664271)
[Kartik Mistry]
* debian/control:
+ wrap-and-sort.
* debian/copyright:
+ Added missing copyrights, minor formatting fixes.
* debian/nginx-common.nginx.init:
+ Added ulimit for restarts, Thanks to Daniel Roschka
<email address hidden> for patch. (Closes: #673580)
* debian/conf/sites-available/default:
+ Added patch to fix deprecated "listen" directive, Thanks to
Guillaume Plessis <email address hidden> for patch. (Closes: #672632)
-- Kartik Mistry <email address hidden> Mon, 14 May 2012 11:15:00 +0530
-
nginx (1.1.19-1) unstable; urgency=high
[Cyril Lavier]
* New upstream release.
+ Fixed a buffer overflow in the ngx_http_mp4_module. See: CVE-2012-2089
for more details.
* debian/copyright:
+ Updated licenses.
* debian/nginx-extras.postinst, debian/nginx-full.postinst,
debian/nginx-light.postinst, debian/nginx-naxsi.postinst:
+ Removing the debug markers. (Closes: #667894)
* debian/control, debian/rules, debian/copyright,
debian/modules/nginx-dav-ext-module:
+ Added nginx-dav-ext-module in full and extras.
* debian/modules/naxsi:
+ Updated naxsi to the SVN snapshot (r280) to fix the licence issue with
OpenSSL.
[Kartik Mistry]
* Misc cleanups in debian/control, debian/copyright.
-- Cyril Lavier <email address hidden> Fri, 13 Apr 2012 16:58:59 +0530
