nginx: security bump to version 1.8.1

Fixes: CVE-2016-0742 - invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing anattacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process. CVE-2016-0746 - use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact. CVE-2016-0747 - CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-01-27 09:03:30 -03:00 · 2016-01-27 09:03:30 -03:00 · 77dd34bc79
parent e537d52b85
commit 77dd34bc79
2 changed files with 2 additions and 2 deletions
--- a/package/nginx/nginx.hash
+++ b/package/nginx/nginx.hash
@ -1,2 +1,2 @@
 # Locally calculated after checking pgp signature
-sha256	23cca1239990c818d8f6da118320c4979aadf5386deda691b1b7c2c96b9df3d5	nginx-1.8.0.tar.gz
+sha256	8f4b3c630966c044ec72715754334d1fdf741caa1d5795fb4646c27d09f797b7	nginx-1.8.1.tar.gz
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-NGINX_VERSION = 1.8.0
+NGINX_VERSION = 1.8.1
 NGINX_SITE = http://nginx.org/download
 NGINX_LICENSE = BSD-2c
 NGINX_LICENSE_FILES = LICENSE