Bug 503528 (CVE-2014-0088) - =www-servers/nginx-1.5.10: Memory corruption while handling specially crafted request (CVE-2014-0088)
Summary: =www-servers/nginx-1.5.10: Memory corruption while handling specially crafte...
Status: RESOLVED INVALID
Alias: CVE-2014-0088
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://mailman.nginx.org/pipermail/ng...
Whiteboard: ~2 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-03-05 19:51 UTC by Manuel Rüger (RETIRED)
Modified: 2014-03-06 10:39 UTC

See Also:
Package list:
Runtime testing required: ---


Description Manuel Rüger (RETIRED) gentoo-dev 2014-03-05 19:51:14 UTC
http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html

    *) Security: memory corruption might occur in a worker process on 32-bit
       platforms while handling a specially crafted request by
       ngx_http_spdy_module, potentially resulting in arbitrary code
       execution (CVE-2014-0088); the bug had appeared in 1.5.10.
       Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr.
       Manuel Sadosky, Buenos Aires, Argentina.


This seems to affect only 1.5.10. 

nginx-1.5.11 has been released with a fix.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-03-06 04:16:07 UTC
Maintainers please bump version, and remove the affected version from the tree.
Comment 2 Agostino Sarubbo gentoo-dev 2014-03-06 10:39:15 UTC
Keywords for www-servers/nginx:
             |                             | u   |
             | a a   a           p     s   | n   |
             | l m   r h i m m   p s   p   | u s | r
             | p d a m p a 6 i p c 3   a x | s l | e
             | h 6 r 6 p 6 8 p p 6 9 s r 8 | e o | p
             | a 4 m 4 a 4 k s c 4 0 h c 6 | d t | o
-------------+-----------------------------+-----+-------
    1.4.4    | o + ~ o o o o o ~ o o o o + | o 0 | gentoo
 [M]1.5.7-r1 | o ~ ~ o o o o o ~ o o o o ~ | o   | gentoo
[M]1.5.10    | o ~ ~ o o o o o ~ o o o o ~ | o   | gentoo


The security vulnerabilities in the masked packages are not covered.

Please follow bug 503414 to check the status of the bump