Bug 419863

Summary:	<www-servers/nginx-1.2.1 CVE-2011-4963 Vulnerabilities with Windows directory aliases
Product:	Gentoo Security	Reporter:	Patrick Lauer <patrick>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED INVALID
Severity:	normal	CC:	amd64, darkside, dev-zero, hollow
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://nginx.org/en/security_advisories.html
Whiteboard:
Package list:		Runtime testing required:	---

Description Patrick Lauer gentoo-dev

2012-06-06 08:50:38 UTC

Vulnerabilities with Windows directory aliases
Severity: medium
CVE-2011-4963
Not vulnerable: 1.3.1+, 1.2.1+
Vulnerable: nginx/Windows 0.7.52-1.3.0

Suggest stabling 1.2.1 (stable target: amd64 x86)

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2012-06-10 23:15:35 UTC

I suspect these are the fixes for this issue.

http://trac.nginx.org/nginx/changeset/4675/nginx
http://trac.nginx.org/nginx/changeset/4676/nginx

Do these affect nginx on linux? They appear Windows-specific...

Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester

2012-06-11 17:55:04 UTC

> Do these affect nginx on linux? They appear Windows-specific...

Not clear to me either.

Comment 3 Jeremy Olexa (darkside) (RETIRED) archtester

2012-06-11 17:57:29 UTC

arches, please stabilize 1.2.1

Comment 4 Andreas Schürch gentoo-dev

2012-06-11 20:18:31 UTC

x86 stable, thanks.

Comment 5 Agostino Sarubbo gentoo-dev

2012-06-12 11:55:21 UTC

13:51 < ago> hello folks
13:51 < ago> CVE-2011-4963 is only windows specific or affect linux too?
13:52 < Seph> ago: only windows
13:52 < ago> Seph: great, thanks

Mark it as invalid.