diff options
author | Baptiste Daroussin <bapt@FreeBSD.org> | 2014-03-06 13:14:20 +0000 |
---|---|---|
committer | Baptiste Daroussin <bapt@FreeBSD.org> | 2014-03-06 13:14:20 +0000 |
commit | d92a962af81cf4649b0898803e532382e3e42d0f (patch) | |
tree | 5b584326d64e90f3ec911639a5e2b77aec8ca604 | |
parent | 264b90757e0c12c7a31aa622a6596ad80f85d1bc (diff) | |
download | ports-d92a962af81cf4649b0898803e532382e3e42d0f.tar.gz ports-d92a962af81cf4649b0898803e532382e3e42d0f.zip |
MFH: r347158
Add security advisory for nginx-1.5.10.
Notes
Notes:
svn path=/branches/2014Q1/; revision=347195
-rw-r--r-- | security/vuxml/vuln.xml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ee8463ab3578..954984d2a598 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,40 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="89db3b31-a4c3-11e3-978f-f0def16c5c1b"> + <topic>nginx -- SPDY memory corruption</topic> + <affects> + <package> + <name>nginx-devel</name> + <range><eq>1.5.10</eq></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The nginx project reports:</p> + <blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"> + <p>A bug in the experimental SPDY implementation in nginx 1.5.10 was found, + which might allow an attacker to corrupt worker process memory by using + a specially crafted request, potentially resulting in arbitrary code + execution (CVE-2014-0088).</p> + + <p>The problem only affects nginx 1.5.10 on 32-bit platforms, compiled with + the ngx_http_spdy_module module (which is not compiled by default), if + the "spdy" option of the "listen" directive is used in a configuration + file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-0088</cvename> + <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html</url> + </references> + <dates> + <discovery>2014-03-04</discovery> + <entry>2014-03-06</entry> + </dates> + </vuln> + <vuln vid="b4023753-a4ba-11e3-bec2-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |