Information on source package nginx

Available versions

ReleaseVersion
wheezy1.2.1-2.2+wheezy4
wheezy (security)1.2.1-2.2+wheezy4+deb7u1
jessie1.6.2-5+deb8u4
jessie (security)1.6.2-5+deb8u5
stretch (security)1.10.3-1+deb9u1
buster1.13.6-2
sid1.13.6-2

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2013-0337vulnerable (no DSA)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerablevulnerableThe default configuration of nginx, possibly 1.3.13 and earlier, uses ...
CVE-2011-4968vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixednginx http proxy module does not verify peer identity of https origin server

Open unimportant issues

BugwheezyjessiestretchbustersidDescription
CVE-2009-4487vulnerablevulnerablevulnerablevulnerablevulnerablenginx 0.7.64 writes data to a log file without sanitizing ...

Resolved issues

BugDescription
CVE-2017-7529Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable ...
CVE-2016-4450os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 ...
CVE-2016-1247The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx ...
CVE-2016-1000105
CVE-2016-0747The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not ...
CVE-2016-0746Use-after-free vulnerability in the resolver in nginx before 1.8.1 and ...
CVE-2016-0742The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows ...
CVE-2014-3616nginx 0.5.6 through 1.7.4, when using the same shared ...
CVE-2014-3556The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the ...
CVE-2014-0133Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 ...
CVE-2014-0088The SPDY implementation in the ngx_http_spdy_module module in nginx ...
CVE-2013-4547nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote ...
CVE-2013-2070http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ...
CVE-2013-2028The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ...
CVE-2012-4929The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...
CVE-2012-3380Directory traversal vulnerability in naxsi-ui/nx_extract.py in the ...
CVE-2012-2089Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module ...
CVE-2012-1180Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before ...
CVE-2011-4963nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ...
CVE-2011-4315Heap-based buffer overflow in compression-pointer processing in ...
CVE-2010-2266nginx 0.8.36 allows remote attackers to cause a denial of service ...
CVE-2010-2263nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...
CVE-2009-3898Directory traversal vulnerability in ...
CVE-2009-3896src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through ...
CVE-2009-3555The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...
CVE-2009-2629Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through ...

Security announcements

DSA / DLADescription
DLA-1024-1nginx - security update
DSA-3908-1nginx - security update
DSA-3908-1nginx - security update
DSA-3701-2nginx - regression update
DSA-3701-1nginx - security update
DSA-3592-1nginx - security update
DSA-3473-1nginx - security update
DSA-3473-1nginx - security update
DLA-404-1nginx - security update
DSA-3029-1nginx - security update
DLA-55-1nginx - security update
DSA-2802-1nginx - restriction bypass
DSA-2721-1nginx - nginx security update
DSA-2627-1nginx - information leak
DSA-2434-1nginx - sensitive information leak
DSA-1920-1nginx - denial of service
DSA-1920-1nginx - denial of service
DSA-1884-1nginx - arbitrary code execution
DSA-1884-1nginx - arbitrary code execution

Search for package or bug name: Reporting problems