oss-sec mailing list archives
Re: CVEs for nginx
From: Igor Sysoev <igor () sysoev ru>
Date: Mon, 23 Nov 2009 16:12:44 +0300
On Mon, Nov 23, 2009 at 12:12:53PM +0100, Jan Lieskovsky wrote:
Hi Igor, Igor Sysoev wrote: > As I far I know - no. Josh, could you allocate one then? > This bug was fixed in 0.8.17 and 0.7.63:Changes with nginx 0.8.17 28 Sep 2009 *) Security: now "/../" are disabled in "Destination" request header line. Changes with nginx 0.7.63 26 Oct 2009 *) Security: now "/../" are disabled in "Destination" request header line. There is no patch, however, I can created it for you.That would be perfect.
The patch attached. -- Igor Sysoev http://sysoev.ru/en/
Attachment:
patch.dest.txt
Description:
Current thread:
- CVEs for nginx Craig (Nov 19)
- Re: CVEs for nginx Jan Lieskovsky (Nov 23)
- Re: CVEs for nginx Igor Sysoev (Nov 23)
- Re: CVEs for nginx Jan Lieskovsky (Nov 23)
- Re: CVEs for nginx Igor Sysoev (Nov 23)
- Re: CVEs for nginx Igor Sysoev (Nov 23)
- Re: CVEs for nginx Jan Lieskovsky (Nov 23)
- Re: CVEs for nginx Josh Bressers (Nov 23)
- Re: CVEs for nginx Steven M. Christey (Nov 23)