From 9a9277b22770df4b0bab88cf0efbbca23eb4ef7d Mon Sep 17 00:00:00 2001 From: Valentin Bartenev Date: Thu, 7 Feb 2019 17:46:46 +0300 Subject: [PATCH] Added version 1.7.1 CHANGES. --- CHANGES | 11 +++++++++++ docs/changes.xml | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) diff --git a/CHANGES b/CHANGES index 674120ac..72a21c3f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,15 @@ +Changes with Unit 1.7.1 07 Feb 2019 + + *) Security: a heap memory buffer overflow might have been caused in the + router process by a specially crafted request, potentially resulting + in a segmentation fault or other unspecified behavior + (CVE-2019-7401). + + *) Bugfix: install of Go module failed without prior building of Unit + daemon; the bug had appeared in 1.7. + + Changes with Unit 1.7 20 Dec 2018 *) Change: now rpath is set in Ruby module only if the library was not diff --git a/docs/changes.xml b/docs/changes.xml index 6a1f8a9b..ea4298ba 100644 --- a/docs/changes.xml +++ b/docs/changes.xml @@ -5,6 +5,47 @@ + + + + +NGINX Unit updated to 1.7.1. + + + + + + + + + + +a heap memory buffer overflow might have been caused in the router process by +a specially crafted request, potentially resulting in a segmentation fault or +other unspecified behavior (CVE-2019-7401). + + + + + +install of Go module failed without prior building of Unit daemon; +the bug had appeared in 1.7. + + + + + +