oss-sec mailing list archives
Re: CVEs for nginx
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 23 Nov 2009 12:12:53 +0100
Hi Igor, Igor Sysoev wrote: > As I far I know - no. Josh, could you allocate one then? > This bug was fixed in 0.8.17 and 0.7.63:
Changes with nginx 0.8.17 28 Sep 2009
*) Security: now "/../" are disabled in "Destination" request header
line.
Changes with nginx 0.7.63 26 Oct 2009
*) Security: now "/../" are disabled in "Destination" request header
line.
There is no patch, however, I can created it for you.
That would be perfect. Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVEs for nginx Craig (Nov 19)
- Re: CVEs for nginx Jan Lieskovsky (Nov 23)
- Re: CVEs for nginx Igor Sysoev (Nov 23)
- Re: CVEs for nginx Jan Lieskovsky (Nov 23)
- Re: CVEs for nginx Igor Sysoev (Nov 23)
- Re: CVEs for nginx Igor Sysoev (Nov 23)
- Re: CVEs for nginx Jan Lieskovsky (Nov 23)
- Re: CVEs for nginx Josh Bressers (Nov 23)
- Re: CVEs for nginx Steven M. Christey (Nov 23)