The binary in Quantal already has the fix, per Debian changelogs:
nginx (1.2.1-2) unstable; urgency=medium
[Cyril Lavier]
* Urgency set to medium, security bug in naxsi module, fix via upstream.
* debian/modules/naxsi:
+ Updated naxsi module to version 0.46-1 fixing the following security
issue : potential file disclosure in nx_extract.
Versions prior to 1.1.18-1 are not affected, but a fix was not applied until 1.2.1-2. Therefore, assuming that Precise (1.1.19-1) has this vulnerability is valid. Please confirm though that 1.1.19 is affected (Debian did not show a fix until at least 1.2.1-2).
The binary in Quantal already has the fix, per Debian changelogs:
nginx (1.2.1-2) unstable; urgency=medium
[Cyril Lavier] modules/ naxsi:
* Urgency set to medium, security bug in naxsi module, fix via upstream.
* debian/
+ Updated naxsi module to version 0.46-1 fixing the following security
issue : potential file disclosure in nx_extract.
-- Cyril Lavier <email address hidden> Wed, 27 Jun 2012 13:52:03 +0200
"Fix Released" is valid in this case for Quantal.
------
According to the Debian CVE tracker here: http:// security- tracker. debian. org/tracker/ CVE-2012- 3380
Versions prior to 1.1.18-1 are not affected, but a fix was not applied until 1.2.1-2. Therefore, assuming that Precise (1.1.19-1) has this vulnerability is valid. Please confirm though that 1.1.19 is affected (Debian did not show a fix until at least 1.2.1-2).