Comment 0 for bug 1182586

Thomas Ward (teward) wrote :

This is CVE-2013-2070. An nginx proxy_pass buffer overflow risk is present.

Per upstream, nginx versions 1.1.4 and higher are affected.

Saucy has already received this fix as part of the 1.4.1-1 merge, as per bug 1177919.

This is tracked on the Ubuntu Security Team CVE Tracker at http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2070.html

The upstream patch for this is located at http://nginx.org/download/patch.2013.proxy.txt

This bug is being created to track the status of this being fixed in affected nginx versions in releases of Ubuntu.

(Bug importance was set to Medium per mdeslaur's guidance on IRC in #ubuntu-hardened.)