| 2013-05-21 17:29:42 |
Thomas Ward |
bug |
|
|
added bug |
| 2013-05-21 17:30:18 |
Thomas Ward |
cve linked |
|
2013-2070 |
|
| 2013-05-21 17:30:57 |
Thomas Ward |
nominated for series |
|
Ubuntu Precise |
|
| 2013-05-21 17:30:57 |
Thomas Ward |
nominated for series |
|
Ubuntu Quantal |
|
| 2013-05-21 17:30:57 |
Thomas Ward |
nominated for series |
|
Ubuntu Raring |
|
| 2013-05-21 17:34:08 |
Thomas Ward |
description |
This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present.
Per upstream, nginx versions 1.1.4 and higher are affected.
Saucy has already received this fix as part of the 1.4.1-1 merge, as per bug 1177919.
This is tracked on the Ubuntu Security Team CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html
The upstream patch for this is located at http://nginx.org/download/patch.2013.proxy.txt
This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu.
(Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.) |
This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present.
Per upstream, nginx versions 1.1.4 and higher are affected. As such, Precise, Quantal, and Raring are affected. Saucy has already received this fix as part of the 1.4.1-1 merge (bug 1177919).
This is tracked on the Ubuntu Security Team CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html
The upstream patch for this is located at http://nginx.org/download/patch.2013.proxy.txt
This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu.
(Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.) |
|
| 2013-05-21 20:16:56 |
Thomas Ward |
nginx (Ubuntu): assignee |
|
Thomas Ward (teward) |
|
| 2013-05-23 17:58:32 |
Marc Deslauriers |
bug task added |
|
nginx (Ubuntu Precise) |
|
| 2013-05-23 17:58:38 |
Marc Deslauriers |
bug task added |
|
nginx (Ubuntu Raring) |
|
| 2013-05-23 17:58:43 |
Marc Deslauriers |
bug task added |
|
nginx (Ubuntu Quantal) |
|
| 2013-05-23 17:59:31 |
Thomas Ward |
nginx (Ubuntu Precise): importance |
Undecided |
Medium |
|
| 2013-05-23 17:59:33 |
Thomas Ward |
nginx (Ubuntu Quantal): importance |
Undecided |
Medium |
|
| 2013-05-23 17:59:35 |
Thomas Ward |
nginx (Ubuntu Raring): importance |
Undecided |
Medium |
|
| 2013-05-23 17:59:44 |
Thomas Ward |
nginx (Ubuntu Precise): assignee |
|
Thomas Ward (teward) |
|
| 2013-05-23 17:59:46 |
Thomas Ward |
nginx (Ubuntu Quantal): assignee |
|
Thomas Ward (teward) |
|
| 2013-05-23 17:59:47 |
Thomas Ward |
nginx (Ubuntu Raring): assignee |
|
Thomas Ward (teward) |
|
| 2013-05-23 17:59:50 |
Thomas Ward |
nginx (Ubuntu): assignee |
Thomas Ward (teward) |
|
|
| 2013-05-23 18:01:04 |
Thomas Ward |
nginx (Ubuntu Precise): status |
New |
Confirmed |
|
| 2013-05-23 18:01:06 |
Thomas Ward |
nginx (Ubuntu Quantal): status |
New |
Confirmed |
|
| 2013-05-23 18:01:08 |
Thomas Ward |
nginx (Ubuntu Raring): status |
New |
Confirmed |
|
| 2013-05-23 18:01:13 |
Thomas Ward |
nginx (Ubuntu): status |
New |
Fix Released |
|
| 2013-05-24 15:55:10 |
Thomas Ward |
nginx (Ubuntu Precise): status |
Confirmed |
In Progress |
|
| 2013-05-24 15:55:12 |
Thomas Ward |
nginx (Ubuntu Quantal): status |
Confirmed |
In Progress |
|
| 2013-05-24 15:55:14 |
Thomas Ward |
nginx (Ubuntu Raring): status |
Confirmed |
In Progress |
|
| 2013-05-24 16:55:47 |
Thomas Ward |
attachment added |
|
Precise debdiff for this bug https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685928/+files/lp1182586-precise.debdiff |
|
| 2013-05-24 16:57:08 |
Thomas Ward |
attachment added |
|
Quantal debdiff for this bug https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685929/+files/lp1182586-quantal.debdiff |
|
| 2013-05-24 16:57:57 |
Thomas Ward |
attachment added |
|
Raring debdiff for this bug https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1182586/+attachment/3685930/+files/lp1182586-raring.debdiff |
|
| 2013-05-24 19:13:21 |
Thomas Ward |
nginx (Ubuntu Precise): status |
In Progress |
Confirmed |
|
| 2013-05-24 19:13:23 |
Thomas Ward |
nginx (Ubuntu Quantal): status |
In Progress |
Confirmed |
|
| 2013-05-24 19:13:25 |
Thomas Ward |
nginx (Ubuntu Raring): status |
In Progress |
Confirmed |
|
| 2013-05-24 19:13:27 |
Thomas Ward |
nginx (Ubuntu Precise): assignee |
Thomas Ward (teward) |
|
|
| 2013-05-24 19:13:29 |
Thomas Ward |
nginx (Ubuntu Quantal): assignee |
Thomas Ward (teward) |
|
|
| 2013-05-24 19:13:31 |
Thomas Ward |
nginx (Ubuntu Raring): assignee |
Thomas Ward (teward) |
|
|
| 2013-05-24 21:03:15 |
Thomas Ward |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2013-05-28 20:53:33 |
Jamie Strandboge |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
| 2013-05-28 20:53:59 |
Jamie Strandboge |
nginx (Ubuntu Precise): status |
Confirmed |
Fix Committed |
|
| 2013-05-28 20:54:01 |
Jamie Strandboge |
nginx (Ubuntu Quantal): status |
Confirmed |
Fix Committed |
|
| 2013-05-28 20:54:03 |
Jamie Strandboge |
nginx (Ubuntu Raring): status |
Confirmed |
Fix Committed |
|
| 2013-05-29 00:27:19 |
Launchpad Janitor |
nginx (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
| 2013-05-29 00:27:24 |
Launchpad Janitor |
nginx (Ubuntu Quantal): status |
Fix Committed |
Fix Released |
|
| 2013-05-29 00:27:28 |
Launchpad Janitor |
nginx (Ubuntu Raring): status |
Fix Committed |
Fix Released |
|
| 2013-05-29 00:44:14 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-security/nginx |
|
| 2013-05-29 00:44:23 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/quantal/nginx/quantal-security |
|
| 2013-05-29 00:44:33 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/raring/nginx/raring-security |
|
