[nginx/f18] Update to 1.2.9 which fixes CVE-2013-2070
Jamie Nguyen
jamielinux at fedoraproject.org
Mon May 13 20:56:38 UTC 2013
commit 5321fb9c1de2f0c204d3293b9fb9b16d41aae6d9
Author: Jamie Nguyen <j at jamielinux.com>
Date: Mon May 13 21:55:59 2013 +0100
Update to 1.2.9 which fixes CVE-2013-2070
.gitignore | 2 ++
nginx.spec | 9 +++++++--
sources | 4 ++--
3 files changed, 11 insertions(+), 4 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index bec8aed..24ec388 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,5 @@ x86_64/
/nginx-1.2.7.tar.gz.asc
/nginx-1.2.8.tar.gz
/nginx-1.2.8.tar.gz.asc
+/nginx-1.2.9.tar.gz
+/nginx-1.2.9.tar.gz.asc
diff --git a/nginx.spec b/nginx.spec
index ee90cba..c68912b 100644
--- a/nginx.spec
+++ b/nginx.spec
@@ -16,8 +16,8 @@
Name: nginx
Epoch: 1
-Version: 1.2.8
-Release: 3%{?dist}
+Version: 1.2.9
+Release: 1%{?dist}
Summary: A high performance web server and reverse proxy server
Group: System Environment/Daemons
@@ -222,6 +222,11 @@ fi
%changelog
+* Mon May 13 2013 Jamie Nguyen <jamielinux at fedoraproject.org> - 1:1.2.9-1
+- update to upstream release 1.2.9 which fixes CVE-2013-2070: "denial of
+ service or memory disclosure when using proxy_pass" (#962525, #962526),
+ which is related to CVE-2013-2028 affecting nginx 1.4.0
+
* Sun Apr 28 2013 Dan HorĂ¡k <dan[at]danny.cz> - 1:1.2.8-3
- gperftools exist only on selected arches
diff --git a/sources b/sources
index cd4f21c..89ba6cf 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-b9f7640cca35196d0e719ac5da24c7bd nginx-1.2.8.tar.gz
-667456b02a3bda6851a778e06cd7a696 nginx-1.2.8.tar.gz.asc
+b8d104542c8b74161147762e31428cc3 nginx-1.2.9.tar.gz
+6df6da57a35aec981871ab8f5fd27fae nginx-1.2.9.tar.gz.asc
More information about the scm-commits
mailing list