epel-4 tracking bug for nginx: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the 'blocks' bugs. [bug automatically created by: add-tracking-bugs]
Any possibility of nginx being updated in the near future? This has the potential of being very problematic for people who use nginx. Thanks.
Further details on this flaw will be published later this month, so it would also be ideal to have this corrected before then.
Yes, I should be able to get this taken care of early next week. Thanks for the prod.
Fantastic. Thank you!
FYI, the details were published at https://nealpoole.com/blog/2011/08/possible-arbitrary-code-execution-with-null-bytes-php-and-old-versions-of-nginx/ Chinese hackers appear to be particularly interested in this vulnerability. I would recommend trying to release a patched version ASAP.
This was pushed to stable back in September. Should we close this ? https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4281/nginx-0.8.55-1.el5
It loks like this should have been closed by bodhi but wasn't. Closing