View Issue Details

ID: 0007295
Project: CentOS-7
Category: -OTHER
View Status: public
Last Update: 2014-12-09 20:24
Reporter: pekkap
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: assigned
Resolution: open
Summary: 0007295: Upstream nginx14-nginx contains CVE-2014-0133
Description:
%changelog
* Tue Mar 4 2014 Joe Orton <jorton@redhat.com> - 1:1.4.4-10
- run restorecon in %%post for #1072266

vs.

2014-03-18
nginx-1.4.7 stable and nginx-1.5.12 mainline versions have been released, with a fix for the SPDY heap buffer overflow vulnerability discovered by Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina (CVE-2014-0133).
Tags: No tags attached.

Relationships

related to 0007294 (assigned, JohnnyHughes): nginx14-nginx branding

Activities

pekkap (reporter) 2014-07-04 11:18 ~0020177

Probably not affected:

localhost:nginx14-nginx pp$ grep with-debug */*
SPECS/nginx.spec: --with-debug \

(official fix is a #if NGX_DBG -> #if 1 )

tigalch (manager) 2014-07-04 15:12 ~0020179 (last edited: 2014-12-09 20:24)

nginx is not part of C7. Which package of nginx are you using? Or do you use C6?

pekkap (reporter) 2014-07-04 16:26 ~0020181

It's in RHSCL 1.1 (and thus eventually CentOS, which currently has 1.0 for c6, right?), which is why I was asked to file bugs here. Already in git https://git.centos.org/summary/?r=rpms/nginx14-nginx.git

But yep, this one is notabug due to fortunate compile flags, the other branding one is relevant. Most users will probably want to get something more recent from EPEL (or a nginx16 SCL, which currently doesn't exist), but since it's officially shipped upstream, it's relevant for CentOS :-)

tigalch (manager) 2014-07-04 16:33 ~0020182

Rebuilding of SCL1.1 will probably start of GA of C7.

Issue History

Date Modified     Username  Field                Change
2014-07-04 11:05  pekkap    New Issue
2014-07-04 11:18  pekkap    Note Added: 0020177
2014-07-04 15:12  tigalch   Note Added: 0020179
2014-07-04 15:12  tigalch   Status               new => feedback
2014-07-04 15:40  tigalch   Note Edited: 0020179
2014-07-04 15:44  tigalch   Note Edited: 0020179
2014-07-04 16:26  pekkap    Note Added: 0020181
2014-07-04 16:26  pekkap    Status               feedback => assigned
2014-07-04 16:33  tigalch   Note Added: 0020182
2014-07-04 16:34  tigalch   Relationship added   related to 0007294
2014-07-04 20:38  tigalch   Status               assigned => acknowledged
2014-07-04 20:38  tigalch   Status               acknowledged => assigned
2014-12-09 20:24  tigalch   Note Edited: 0020179