Format: 1.8
Date: Wed, 03 Feb 2016 09:12:00 -0500
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-core nginx-core-dbg nginx-full nginx-full-dbg nginx-light nginx-light-dbg nginx-extras nginx-extras-dbg nginx-naxsi nginx-naxsi-dbg nginx-naxsi-ui
Architecture: source
Version: 1.4.6-1ubuntu3.4
Distribution: trusty-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 nginx      - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-core - nginx web/proxy server (core version)
 nginx-core-dbg - nginx web/proxy server (core version) - debugging symbols
 nginx-doc  - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-extras-dbg - nginx web/proxy server (extended version) - debugging symbols
 nginx-full - nginx web/proxy server (standard version)
 nginx-full-dbg - nginx web/proxy server (standard version) - debugging symbols
 nginx-light - nginx web/proxy server (basic version)
 nginx-light-dbg - nginx web/proxy server (basic version) - debugging symbols
 nginx-naxsi - nginx web/proxy server (version with naxsi)
 nginx-naxsi-dbg - nginx web/proxy server (version with naxsi) - debugging symbols
 nginx-naxsi-ui - nginx web/proxy server - naxsi configuration front-end
Launchpad-Bugs-Fixed: 1538165
Changes: 
 nginx (1.4.6-1ubuntu3.4) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: multiple resolver security issues (LP: #1538165)
     - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault
       on DNS format error.
     - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler.
     - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for
       several requests.
     - debian/patches/CVE-2016-074x-4.patch: change the
       ngx_resolver_create_*_query() arguments.
     - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory
       accesses with CNAME.
     - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion.
     - CVE-2016-0742
     - CVE-2016-0743
     - CVE-2016-0744
Checksums-Sha1: 
 91c85d04916d955d48a8255cd7912d2a8efaf670 3000 nginx_1.4.6-1ubuntu3.4.dsc
 b43471d72889fd11805788f5541fc45842021103 2026386 nginx_1.4.6-1ubuntu3.4.debian.tar.gz
Checksums-Sha256: 
 27f34ac044290dc9e1ba8121cb5c5625bb5c46bbf2213bae7d898cb8c972c567 3000 nginx_1.4.6-1ubuntu3.4.dsc
 8d8f6827bd72fc30fbf1dbd6b0a0226a03a9df1efe21bf64fa78f76c49b52dcb 2026386 nginx_1.4.6-1ubuntu3.4.debian.tar.gz
Files: 
 5716846f3e3a4bfa9c13a1e0e60b904a 3000 httpd optional nginx_1.4.6-1ubuntu3.4.dsc
 c0020d93e40b775d0396c8dbd09b409f 2026386 httpd optional nginx_1.4.6-1ubuntu3.4.debian.tar.gz
Original-Maintainer: Kartik Mistry <kartik@debian.org>