heroku/heroku-buildpack-nginx

Question about CVE-2021-23017

alex-wearisma opened this issue · 2 comments

Hello,

Nginx published a security advisory: "1-byte memory overwrite in resolver" [1]. This vulnerability affects Nginx versions 0.6.18-1.20.0. The latest version of Nginx in this build pack is 1.20.0. Does the version included in the build pack cover the vulnerability, and if not, would it be possible to update it to version 1.20.1?

Thank you!

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
[2] #80

thx, I released a new version with 1.20.1

Thank you, @beanieboi!