security advisory

Antonio P.P. Almeida appa at
Thu Mar 15 12:52:26 UTC 2012

> Hello!

Hello Maxim,

> Matthew Daley recently discovered a security problem which may
> lead to a disclosure of previously freed memory on specially
> crafted response from an upstream server, potentially resulting in
> sensitive information leak.
> Patch for the problem can be found here:
> The patch is not required for 1.1.17, 1.0.14.

There's a CVE # for it? Someone asked me about it on twitter.



More information about the nginx mailing list