[nginx-announce] security advisory

Maxim Dounin mdounin at mdounin.ru
Thu Mar 15 12:26:22 UTC 2012


Matthew Daley recently discovered a security problem which may 
lead to a disclosure of previously freed memory on specially 
crafted response from an upstream server, potentially resulting in 
sensitive information leak.

Patch for the problem can be found here:


The patch is not required for 1.1.17, 1.0.14.

Maxim Dounin

More information about the nginx-announce mailing list