[ubuntu/precise-security] nginx 1.1.19-1ubuntu0.7 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jan 6 18:22:16 UTC 2015

nginx (1.1.19-1ubuntu0.7) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478)
    - debian/patches/CVE-2014-3616.patch: Use a random value for session id
      context, since there is no support for shared TLS Session Tickets in
      this version in src/event/ngx_event_openssl.c.
    - CVE-2014-3616

nginx (1.1.19-1ubuntu0.6) precise-proposed; urgency=low

  * Enable building of the http_stub_status_module in nginx-naxsi, which was
    apparently not marked for compiling even though it's listed in the package
    description.  (LP: #1170586)

Date: 2015-01-06 14:38:16.308251+00:00
Changed-By: Lev Lazinskiy <lev at levlaz.org>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Precise-changes mailing list