[nginx-announce] nginx-1.0.15

Maxim Dounin mdounin at mdounin.ru
Thu Apr 12 13:27:08 UTC 2012

Changes with nginx 1.0.15                                        12 Apr 2012

    *) Security: specially crafted mp4 file might allow to overwrite memory
       locations in a worker process if the ngx_http_mp4_module was used,
       potentially resulting in arbitrary code execution (CVE-2012-2089).
       Thanks to Matthew Daley.

    *) Bugfix: in the ngx_http_mp4_module.

Maxim Dounin

More information about the nginx-announce mailing list