| Summary: | <www-servers/nginx-1.4.4 : bypass security restrictions (CVE-2013-4547) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Dirkjan Ochtman (RETIRED) <djc> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | bugs, cyberbat83, dev-zero |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Dirkjan Ochtman (RETIRED)
2013-11-19 18:37:10 UTC
nginx-1.4.4 and 1.5.7 are in the tree. Please continue with stabilization of 1.4.4 since it is the stable branch.

Arches, please test and mark stable:
=www-servers/nginx-1.4.4
Target keywords : "amd64 x86"

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

(In reply to Agostino Sarubbo from comment #4)
> x86 stable.
>
> Maintainer(s), please cleanup.

done.

CVE-2013-4547 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4547): nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.

GLSA vote: no.

GLSA vote: no

Closing as noglsa