[ubuntu/xenial-proposed] nginx 1.9.10-0ubuntu1 (Accepted)

Thomas Ward teward at ubuntu.com
Tue Jan 26 21:05:16 UTC 2016 

nginx (1.9.10-0ubuntu1) xenial; urgency=medium

  * New upstream release.
  * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch
  * Security content of this upload addresses the following vulnerabilities
    and CVE-numbered Security issues: (LP: #1538165)
    - Invalid pointer dereference might occur during DNS server response
      processing, allowing an attacker who is able to forge UDP
      packets from the DNS server to cause worker process crash
      (CVE-2016-0742).
    - Use-after-free condition might occur during CNAME response
      processing. This problem allows an attacker who is able to trigger
      name resolution to cause worker process crash, or might
      have potential other impact (CVE-2016-0746).
    - CNAME resolution was insufficiently limited, allowing an attacker who
      is able to trigger arbitrary name resolution to cause excessive resource
      consumption in worker processes (CVE-2016-0747).

Date: Tue, 26 Jan 2016 14:53:01 -0500
Changed-By: Thomas Ward <teward at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/nginx/1.9.10-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 26 Jan 2016 14:53:01 -0500
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-core nginx-core-dbg nginx-full nginx-full-dbg nginx-light nginx-light-dbg nginx-extras nginx-extras-dbg
Architecture: source
Version: 1.9.10-0ubuntu1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Thomas Ward <teward at ubuntu.com>
Description: 
 nginx      - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-core - nginx web/proxy server (core version)
 nginx-core-dbg - nginx web/proxy server (core version) - debugging symbols
 nginx-doc  - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-extras-dbg - nginx web/proxy server (extended version) - debugging symbols
 nginx-full - nginx web/proxy server (standard version)
 nginx-full-dbg - nginx web/proxy server (standard version) - debugging symbols
 nginx-light - nginx web/proxy server (basic version)
 nginx-light-dbg - nginx web/proxy server (basic version) - debugging symbols
Launchpad-Bugs-Fixed: 1538165
Changes: 
 nginx (1.9.10-0ubuntu1) xenial; urgency=medium
 .
   * New upstream release.
   * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch
   * Security content of this upload addresses the following vulnerabilities
     and CVE-numbered Security issues: (LP: #1538165)
     - Invalid pointer dereference might occur during DNS server response
       processing, allowing an attacker who is able to forge UDP
       packets from the DNS server to cause worker process crash
       (CVE-2016-0742).
     - Use-after-free condition might occur during CNAME response
       processing. This problem allows an attacker who is able to trigger
       name resolution to cause worker process crash, or might
       have potential other impact (CVE-2016-0746).
     - CNAME resolution was insufficiently limited, allowing an attacker who
       is able to trigger arbitrary name resolution to cause excessive resource
       consumption in worker processes (CVE-2016-0747).
Checksums-Sha1: 
 3410af9176a24b8b895794bc820a0b2a570caa46 2841 nginx_1.9.10-0ubuntu1.dsc
 b7ddb8bb55ad20c336c94526cd2c26b5699caeb5 889267 nginx_1.9.10.orig.tar.gz
 19d61f25c51551cd8a6088e57875d5cf4679eedd 1002823 nginx_1.9.10-0ubuntu1.debian.tar.gz
Checksums-Sha256: 
 6c2ffb92b77e4c4045a018fa72bb4835bc4eafc59dfb901c800013cb90600191 2841 nginx_1.9.10-0ubuntu1.dsc
 fb14d76844cab0a5a0880768be28965e74f9956790f618c454ef6098e26631d9 889267 nginx_1.9.10.orig.tar.gz
 f82d1f3fe3cc83aab0717d964289ec53add78e561362d740b3db21066a62cd8b 1002823 nginx_1.9.10-0ubuntu1.debian.tar.gz
Files: 
 0df5c1b17665182a70011bb8d3ddd33f 2841 httpd optional nginx_1.9.10-0ubuntu1.dsc
 64cc970988356a5e0fc4fcd1ab84fe57 889267 httpd optional nginx_1.9.10.orig.tar.gz
 0ca8f66d35a9e63823a7fa78301a702d 1002823 httpd optional nginx_1.9.10-0ubuntu1.debian.tar.gz
Original-Maintainer: Kartik Mistry <kartik at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWp8+FAAoJEGbkJ7T1ae9VHtYP/j2eBtVIWxgwUVmuGMuFur3X
8PInEQexlv827xTtiHsFG6oh3STVAt9rPECPlfFNMGaep7JixHrv2TpmNN45OCJe
9eAvdKedvVu7e4B1SQU4H3lC+W1fMaJTuXLp867grKSrkQXLiCYVB3ghbneePXRT
TNPFPPTuKqZwAE7+syhoyCrA1uIAxx43r7FN0mktgiulB0PSWpg1EAmkKca2Sv6k
xwo6MOn9peGaW1dpKiE2c0Y/HpCdegJ/5y6tORueQKEeqNueQfoI+oaDpxccS0FP
XRKZJsCkwi0IeDneilZMQ54aQGbWX6+xUFyGhUtWMNHvS5G4Ts1iqaDIYHiubIF2
82cHKCeiHmTDVw8T5kxeM9DUK1lTScRNE+2AX5iDbhLXjc4kWPm8NUBguib0T5Uo
HgxdGEExQaCohbz4ot6cUKAFqvx63wEwweTSqe69flASVJKFUP+Q5RiTubKY+Oix
9QxH6wAcHE0X2RG9xEDUWxHtWftlTX3d55T00ZoQEOCL16i+nK0iIZSpr0rFZbgY
qFHQo1VrIV3XPOWc6u2+bTsqsJf+GgMvXWSvEy1xwuGfIOOEIEOuHAhz10+uzNox
YK8dyQeQt08i1LA0TaOA4YuI+LXfFpAIk8kcLxOnSmNA43Tq0zs8PPvuaLR2d118
0Q2gKf5cd8lkd8b4yvFd
=oKbT
-----END PGP SIGNATURE-----

More information about the Xenial-changes mailing list