Comment 3 for bug 1025463

Thomas Ward (teward) wrote :

The binary in Quantal already has the fix, per Debian changelogs:

nginx (1.2.1-2) unstable; urgency=medium

  [Cyril Lavier]
  * Urgency set to medium, security bug in naxsi module, fix via upstream.
  * debian/modules/naxsi:
    + Updated naxsi module to version 0.46-1 fixing the following security
      issue : potential file disclosure in nx_extract.

 -- Cyril Lavier <email address hidden> Wed, 27 Jun 2012 13:52:03 +0200

"Fix Released" is valid in this case for Quantal.

------

According to the Debian CVE tracker here: http://security-tracker.debian.org/tracker/CVE-2012-3380

Versions prior to 1.1.18-1 are not affected, but a fix was not applied until 1.2.1-2. Therefore, assuming that Precise (1.1.19-1) has this vulnerability is valid. Please confirm though that 1.1.19 is affected (Debian did not show a fix until at least 1.2.1-2).