Bug 1302599

Summary: nginx: update for CVE-2016-0742, CVE-2016-0746, CVE-2016-0747 [epel-5]
Product: [Fedora] Fedora EPEL Reporter: Martin Prpič <mprpic>
Component: nginxAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: el5CC: affix, athmanem, bperkins, dac, extras-qa, jeremy, jkaluza, pavel.lisy, pim, wtogami
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: fst_owner=dcafaro
Fixed In Version: nginx-1.10.1-1.el5 Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: 1302334 Environment:
Last Closed: 2016-09-06 20:16:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1302587, 1302588, 1302589    

Description Martin Prpič 2016-01-28 08:54:41 UTC 
Description of problem:
Current version of Nginx 0.8.55 in EPEL 5 is out-dated and contains vulnerabilities.

See: http://nginx.org/en/security_advisories.html

Solution: rebase to Nginx 1.8.1.
Comment 1 Jamie Nguyen 2016-01-28 12:07:33 UTC 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/VFCIBCTGIYMVJCCUE3ZQVAARVHUF3YPP/
Comment 2 David A. Cafaro 2016-03-16 13:20:44 UTC 
I read up on the thread, are you still moving forward with the update to latest release path?  (Which I support)
Comment 3 Fedora Update System 2016-07-02 20:09:56 UTC 
nginx-1.10.1-1.el5 has been submitted as an update to Fedora EPEL 5. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c03e77f531
Comment 4 Fedora Update System 2016-07-03 11:15:59 UTC 
nginx-1.10.1-1.el5 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c03e77f531
Comment 5 Fedora Update System 2016-09-06 20:16:08 UTC 
nginx-1.10.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.