CVE-2017-7529

NameCVE-2017-7529
DescriptionNginx versions since 0.5.6 up to and including 1.13.2 are vulnerable t ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1024-1, DSA-3908-1
Debian Bugs868109

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nginx (PTS)bullseye1.18.0-6.1+deb11u3fixed
bullseye (security)1.18.0-6.1+deb11u5fixed
bookworm1.22.1-9+deb12u3fixed
bookworm (security)1.22.1-9+deb12u4fixed
trixie (security), trixie1.26.3-3+deb13u2fixed
forky, sid1.30.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nginxsourcewheezy1.2.1-2.2+wheezy4+deb7u1DLA-1024-1
nginxsourcejessie1.6.2-5+deb8u5DSA-3908-1
nginxsourcestretch1.10.3-1+deb9u1DSA-3908-1
nginxsource(unstable)1.13.3-1868109

Notes

http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Fixed in 1.13.3, 1.12.1.
Search for package or bug name: Reporting problems