"A patch to fix a null pointer dereference vulnerability in 0.1.0-0.8.13.
The patch is not required for versions 0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+. "
Please bump or provide an patched ebuild.
src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through
0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before
0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a
denial of service (NULL pointer dereference and worker process crash)
via a long URI.
I've bumped to 0.7.64 and 0.8.29. Let me know if anyone really wants an older branch.
0.7.64 is stable on all platforms where any version is stable, resolving.
Adding to existing GLSA request.
This issue was resolved and addressed in
GLSA 201203-22 at http://security.gentoo.org/glsa/glsa-201203-22.xml
by GLSA coordinator Sean Amoss (ackle).