[Pkg-nginx-maintainers] Bug#842295: nginx: CVE-2016-1247
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 27 19:17:15 UTC 2016
Source: nginx
Version: 1.6.2-5
Severity: grave
Tags: security
Justification: user security hole
Control: fixed -1 1.6.2-5+deb8u3
Hi,
the following vulnerability was published for nginx. This bug is to
track the CVE-2016-1247 as well in the Debian BTS.
CVE-2016-1247[0]:
www-data to root privilege escalation via log file handling
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-1247
Regards,
Salvatore
More information about the Pkg-nginx-maintainers
mailing list