CVE Request: nginx resolver heap overflow

[Ben Hawkes <hawkes () sota gen nz>]

Hi,

The nginx team have released stable version 1.0.10, which includes a fix 
for a heap overflow bug in the custom DNS resolver:

http://trac.nginx.org/nginx/changeset/4268/nginx

The resolver is most commonly used with the proxy and fastcgi modules,
which are not enabled by default.

In order to trigger this condition an attacker would need to be in
control of an upstream resolver host, or be in a position to brute-force
the weakly generated 16-bit transaction identifier.

Thanks,
Ben Hawkes