diff options
author | Maxim Dounin <mdounin@mdounin.ru> | 2013-05-06 13:52:36 +0400 |
---|---|---|
committer | Maxim Dounin <mdounin@mdounin.ru> | 2013-05-06 13:52:36 +0400 |
commit | 18f6d20cf721f814c9ef541aba596f8f93c5352e (patch) | |
tree | 5837d1e92c257332db0fcc33a2b50b07bbf8a977 | |
parent | 818807d71e3df7ea84ce016a616886f8ae79505b (diff) | |
download | nginx-18f6d20cf721f814c9ef541aba596f8f93c5352e.tar.gz |
release-1.5.0-RELEASErelease-1.5.0
-rw-r--r-- | docs/xml/nginx/changes.xml | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml index 71e069342..b26290027 100644 --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -5,6 +5,28 @@ <change_log title="nginx"> +<changes ver="1.5.0" date="07.05.2013"> + +<change type="security"> +<para lang="ru"> +при обработке специально созданного запроса +мог перезаписываться стек рабочего процесса, +что могло приводить к выполнению произвольного кода (CVE-2013-2028); +ошибка появилась в 1.3.9.<br/> +Спасибо Greg MacManus, iSIGHT Partners Labs. +</para> +<para lang="en"> +a stack-based buffer overflow might occur in a worker process +while handling a specially crafted request, +potentially resulting in arbitrary code execution (CVE-2013-2028); +the bug had appeared in 1.3.9.<br/> +Thanks to Greg MacManus, iSIGHT Partners Labs. +</para> +</change> + +</changes> + + <changes ver="1.4.0" date="24.04.2013"> <change type="bugfix"> |