nginx security advisories
All nginx security issues should be reported to security-alert@nginx.org.
Patches are signed using one of the PGP public keys.
Vulnerabilities with Windows directory aliases
    Severity: medium
    CVE-2011-4963
    Not vulnerable: 1.3.1+, 1.2.1+
    Vulnerable: nginx/Windows 0.7.52-1.3.0
Buffer overflow in the ngx_http_mp4_module
    Severity: major
    CVE-2012-2089
    Not vulnerable: 1.1.19+, 1.0.15+
    Vulnerable: 1.1.3-1.1.18, 1.0.7-1.0.14
    The patch (PGP-signed)
Memory disclosure with specially crafted backend responses
    Severity: major
    CVE-2012-1180
    Not vulnerable: 1.1.17+, 1.0.14+
    Vulnerable: 0.1.0-1.1.16
    The patch (PGP-signed)
Buffer overflow in resolver
    Severity: medium
    CVE-2011-4315
    Not vulnerable: 1.1.8+, 1.0.10+
    Vulnerable: 0.6.18-1.1.7
Vulnerabilities with invalid UTF-8 sequence on Windows
    Severity: major
    CVE-2010-2266
    Not vulnerable: 0.8.41+, 0.7.67+
    Vulnerable: nginx/Windows 0.7.52-0.8.40
Vulnerabilities with Windows file default stream
    Severity: major
    CVE-2010-2263
    Not vulnerable: 0.8.40+, 0.7.66+
    Vulnerable: nginx/Windows 0.7.52-0.8.39
Vulnerabilities with Windows 8.3 filename pseudonyms
    Severity: major
    CORE-2010-0121
    Not vulnerable: 0.8.33+, 0.7.65+
    Vulnerable: nginx/Windows 0.7.52-0.8.32
Error log data are not sanitized
    Severity: none
    CVE-2009-4487
    Not vulnerable: none
    Vulnerable: all
The renegotiation vulnerability in SSL protocol
    Severity: major
    VU#120541
    CVE-2009-3555
    Not vulnerable: 0.8.23+, 0.7.64+
    Vulnerable: 0.1.0-0.8.22
    The patch (PGP-signed)
Directory traversal vulnerability
    Severity: minor
    CVE-2009-3898
    Not vulnerable: 0.8.17+, 0.7.63+
    Vulnerable: 0.1.0-0.8.16
Buffer underflow vulnerability
    Severity: major
    VU#180065
    CVE-2009-2629
    Not vulnerable: 0.8.15+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.14
    The patch (PGP-signed)
Null pointer dereference vulnerability
    Severity: major
    CVE-2009-3896
    Not vulnerable: 0.8.14+, 0.7.62+, 0.6.39+, 0.5.38+
    Vulnerable: 0.1.0-0.8.13
    The patch (PGP-signed)