| Message ID | 20190823102133.12952-1-peter@korsgaard.com |
|---|---|
| State | Accepted |
| Commit | 24309ef4ab7f5c9b85233ebd98ccc6657f70f271 |
| Headers | show |
| Series | package/nginx: security bump to version 1.16.1 | expand |
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issues: > Security: when using HTTP/2 a client might cause excessive memory > consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, > CVE-2019-9516). > For details, see the advisory: > https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issues: > Security: when using HTTP/2 a client might cause excessive memory > consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, > CVE-2019-9516). > For details, see the advisory: > https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed to 2019.02.x and 2019.05.x, thanks.
diff --git a/package/nginx/nginx.hash b/package/nginx/nginx.hash index c322a64db2..4df7906eea 100644 --- a/package/nginx/nginx.hash +++ b/package/nginx/nginx.hash @@ -1,4 +1,4 @@ # Locally calculated after checking pgp signature -sha256 4fd376bad78797e7f18094a00f0f1088259326436b537eb5af69b01be2ca1345 nginx-1.16.0.tar.gz +sha256 f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b nginx-1.16.1.tar.gz # License files, locally calculated sha256 28ad30e2f64bd89ac1287b4606906bb99ed04d9f4e13fb6564a0be9c8a23f509 LICENSE diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk index eed7602570..08adcaec51 100644 --- a/package/nginx/nginx.mk +++ b/package/nginx/nginx.mk @@ -4,7 +4,7 @@ # ################################################################################ -NGINX_VERSION = 1.16.0 +NGINX_VERSION = 1.16.1 NGINX_SITE = http://nginx.org/download NGINX_LICENSE = BSD-2-Clause NGINX_LICENSE_FILES = LICENSE
Fixes the following security issues: Security: when using HTTP/2 a client might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). For details, see the advisory: https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/nginx/nginx.hash | 2 +- package/nginx/nginx.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)