diff -Nru nginx-1.4.1/debian/changelog nginx-1.4.1/debian/changelog --- nginx-1.4.1/debian/changelog 2014-02-13 05:43:28.000000000 -0500 +++ nginx-1.4.1/debian/changelog 2014-03-18 21:17:21.000000000 -0400 @@ -1,3 +1,13 @@ +nginx (1.4.1-3ubuntu1.3) saucy-security; urgency=low + + * SECURITY UPDATE: SPDY Heap Buffer Overflow Vulnerabilty (LP: #1294280) + - debian/patches/cve-2014-0133.patch: modify srchttp/ngx_http_spdy.c to + fix a heap buffer overflow vulnerability in the SPDY module by using + a specially crafted request. + - CVE-2014-0133 + + -- Thomas Ward Tue, 18 Mar 2014 21:17:14 -0400 + nginx (1.4.1-3ubuntu1.2) saucy; urgency=low * Apply upstream changes to fix a segmentation fault in the third-party diff -Nru nginx-1.4.1/debian/patches/cve-2014-0133.patch nginx-1.4.1/debian/patches/cve-2014-0133.patch --- nginx-1.4.1/debian/patches/cve-2014-0133.patch 1969-12-31 19:00:00.000000000 -0500 +++ nginx-1.4.1/debian/patches/cve-2014-0133.patch 2014-03-18 21:10:17.000000000 -0400 @@ -0,0 +1,15 @@ +Description: Fixes CVE-2014-0133 which is an SPDY Heap Buffer Overflow vulnerabiltiy +Origin: upstream, http://nginx.org/download/patch.2014.spdy2.txt +Bug-Debian: https://bugs.debian.org/742059 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1294280 +--- a/src/http/ngx_http_spdy.c ++++ b/src/http/ngx_http_spdy.c +@@ -1849,7 +1849,7 @@ static u_char * + ngx_http_spdy_state_save(ngx_http_spdy_connection_t *sc, + u_char *pos, u_char *end, ngx_http_spdy_handler_pt handler) + { +-#if (NGX_DEBUG) ++#if 1 + if (end - pos > NGX_SPDY_STATE_BUFFER_SIZE) { + ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0, + "spdy state buffer overflow: " diff -Nru nginx-1.4.1/debian/patches/series nginx-1.4.1/debian/patches/series --- nginx-1.4.1/debian/patches/series 2013-11-21 18:13:55.000000000 -0500 +++ nginx-1.4.1/debian/patches/series 2014-03-18 21:07:32.000000000 -0400 @@ -1,3 +1,4 @@ perl-use-dpkg-buildflags.patch ubuntu-branding.patch cve-2013-4547.patch +cve-2014-0133.patch