ubuntu/+source/nginx:ubuntu/trusty-security

Last commit made on 2017-07-13
Get this branch:
git clone -b ubuntu/trusty-security https://git.launchpad.net/ubuntu/+source/nginx
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/trusty-security
Repository: lp:ubuntu/+source/nginx

Recent commits

e2d1621... by Steve Beattie on 2017-07-12

Import patches-unapplied version 1.4.6-1ubuntu3.8 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 9d747af5c03a2d9054f550b93fc3f179d36f291d

New changelog entries:
  * SECURITY UPDATE: integer overflow in range filter leading to
    information exposure
    - debian/patches/CVE-2017-7529.patch: add check to ensure size does
      not overflow
    - CVE-2017-7529

9d747af... by Marc Deslauriers on 2016-10-27

Import patches-unapplied version 1.4.6-1ubuntu3.7 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: e3abbd19c4fca9315bc37faf1bcedec546a7544e

New changelog entries:
  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

e3abbd1... by Marc Deslauriers on 2016-10-18

Import patches-unapplied version 1.4.6-1ubuntu3.6 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: f760f6145c0a74514b9261efff3fe21398483db7

New changelog entries:
  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).

f760f61... by Thomas Ward on 2016-06-01

Import patches-unapplied version 1.4.6-1ubuntu3.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7671cdde05919b0eae842fe430358e8484adc8e3

New changelog entries:
  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

7671cdd... by Marc Deslauriers on 2016-02-03

Import patches-unapplied version 1.4.6-1ubuntu3.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0e9662f96cb05fa7a2f73cbf412bb4f07eb1c722

New changelog entries:
  * SECURITY UPDATE: multiple resolver security issues (LP: #1538165)
    - debian/patches/CVE-2016-074x-1.patch: fix possible segmentation fault
      on DNS format error.
    - debian/patches/CVE-2016-074x-2.patch: fix crashes in timeout handler.
    - debian/patches/CVE-2016-074x-3.patch: fixed CNAME processing for
      several requests.
    - debian/patches/CVE-2016-074x-4.patch: change the
      ngx_resolver_create_*_query() arguments.
    - debian/patches/CVE-2016-074x-5.patch: fix use-after-free memory
      accesses with CNAME.
    - debian/patches/CVE-2016-074x-6.patch: limited CNAME recursion.
    - CVE-2016-0742
    - CVE-2016-0743
    - CVE-2016-0744

0e9662f... by Thomas Ward on 2015-07-29

Import patches-unapplied version 1.4.6-1ubuntu3.3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 474940757be5fee9a50343c04e3d9bd68dc2070f

New changelog entries:
  * debian/nginx-common.nginx.init: Fix pidfile extraction, due to multiple
    failure cases, using Debian's solution. (LP: #1314740)

4749407... by Thomas Ward on 2015-02-09

Import patches-unapplied version 1.4.6-1ubuntu3.2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 73fef2ab7d6d57ea7a79fb04360963f1ba22f142

New changelog entries:
  * d/modules/nginx-http-push: Apply upstream bugfix. (LP: #1216817)
    * src/ngx_http_push_module_setup.c: Modify push module code with
      upstream changes to fix an issue with initialization when using
      `fastcgi_cache` or `proxy_cache`.
    * tests/nginx-cachemanager.conf: (new file) Include upstream change
      of adding an nginx-cachemanager.conf file to the tests.

73fef2a... by Marc Deslauriers on 2014-09-17

Import patches-unapplied version 1.4.6-1ubuntu3.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c94d5751afca37609d0982a35ea1b7df7585b25a

New changelog entries:
  * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
    - debian/patches/CVE-2014-3616.patch: include hash of certificate in
      session id context in src/event/ngx_event_openssl.c.
    - CVE-2014-3616

c94d575... by Thomas Ward on 2014-03-10

Import patches-unapplied version 1.4.6-1ubuntu3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: dee08f5931ba689b998ad9491418a56a40f9e404

New changelog entries:
  * Add new binary package for main, nginx-core, which contains only
    source-tarball-included modules and no third-party modules.
  * Changes to debian/ directory:
    - control:
      + Add entry for nginx-core and nginx-core-dbg.
    - rules:
      + Add nginx-core flavor to the build rules.
    - nginx-core.*: Add new packaging files for nginx-core based on
      the packaging files for nginx-full.
  * The above changes satisfy the requirements for main (LP: #1262710)

dee08f5... by Adam Conrad on 2014-03-09

Import patches-unapplied version 1.4.6-1ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 7c33493e008f18852523903be43fab88fdfb7dca

New changelog entries:
  * debian/rules: Drop from -O3 to -O2 to work around a build failure.