This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present.
Per upstream, nginx versions 1.1.4 and higher are affected.
Saucy has already received this fix as part of the 1.4.1-1 merge, as per bug 1177919.
This is tracked on the Ubuntu Security Team CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html
The upstream patch for this is located at http://nginx.org/download/patch.2013.proxy.txt
This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu.
(Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.)
This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present.
Per upstream, nginx versions 1.1.4 and higher are affected.
Saucy has already received this fix as part of the 1.4.1-1 merge, as per bug 1177919.
This is tracked on the Ubuntu Security Team CVE Tracker at http:// people. canonical. com/~ubuntu- security/ cve/2013/ CVE-2013- 2070.html
The upstream patch for this is located at http:// nginx.org/ download/ patch.2013. proxy.txt
This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu.
(Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.)