CVE-2023-27727 (https://github.com/nginx/njs/issues/617): Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. CVE-2023-27728 (https://github.com/nginx/njs/issues/618): Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. CVE-2023-27729 (https://github.com/nginx/njs/issues/619): Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. CVE-2023-27730 (https://github.com/nginx/njs/issues/615): Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. Probably no impact, but should still bump 0.7.10 just in case.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4dce633da7edca08a480a87c7dd4339a41d811da commit 4dce633da7edca08a480a87c7dd4339a41d811da Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2023-04-26 14:16:40 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2023-04-27 21:44:20 +0000 www-servers/nginx: update to njs 0.7.12 Bug: https://bugs.gentoo.org/905096 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Conrad Kostecki <conikost@gentoo.org> www-servers/nginx/Manifest | 1 + www-servers/nginx/nginx-1.24.0-r1.ebuild | 1066 ++++++++++++++++++++++++++++++ 2 files changed, 1067 insertions(+)
Thanks! Waiting for stabilization here then, but no rush.
1.24.0-r1 is stable.
Thanks, all done!