Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 419863 - <www-servers/nginx-1.2.1 CVE-2011-4963 Vulnerabilities with Windows directory aliases
Summary: <www-servers/nginx-1.2.1 CVE-2011-4963 Vulnerabilities with Windows directory...
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://nginx.org/en/security_advisori...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-06 08:50 UTC by Patrick Lauer
Modified: 2012-06-12 11:55 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick Lauer gentoo-dev 2012-06-06 08:50:38 UTC 
Vulnerabilities with Windows directory aliases
Severity: medium
CVE-2011-4963
Not vulnerable: 1.3.1+, 1.2.1+
Vulnerable: nginx/Windows 0.7.52-1.3.0

Suggest stabling 1.2.1 (stable target: amd64 x86)
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2012-06-10 23:15:35 UTC 
I suspect these are the fixes for this issue.

http://trac.nginx.org/nginx/changeset/4675/nginx
http://trac.nginx.org/nginx/changeset/4676/nginx

Do these affect nginx on linux? They appear Windows-specific...
Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2012-06-11 17:55:04 UTC 
> Do these affect nginx on linux? They appear Windows-specific...

Not clear to me either.
Comment 3 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2012-06-11 17:57:29 UTC 
arches, please stabilize 1.2.1
Comment 4 Andreas Schürch gentoo-dev 2012-06-11 20:18:31 UTC 
x86 stable, thanks.
Comment 5 Agostino Sarubbo gentoo-dev 2012-06-12 11:55:21 UTC 
13:51 < ago> hello folks
13:51 < ago> CVE-2011-4963 is only windows specific or affect linux too?
13:52 < Seph> ago: only windows
13:52 < ago> Seph: great, thanks

Mark it as invalid.