Package: nginx Version: 1.22.1-1 Severity: normal Tags: patch upstream X-Debbugs-Cc: deb...@ciel.dev
When a subrequest has SSI enabled but its main request does not, the SSI module may crash the worker due to NULL-pointer dereference. This bug has been reported since 2017 to NGINX, and a patch is just accepted by the upstream. See: Patch: https://hg.nginx.org/nginx/rev/49e7db44b57c Issue Trac: https://trac.nginx.org/nginx/ticket/1263 Maillist: https://mailman.nginx.org/archives/list/nginx-de...@nginx.org/thread/E2HSRDHFSDWXVJ464B2GQD7PEDQ5AVMI/ -- System Information: Debian Release: bookworm/sid APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.15.64-1-pve (SMP w/8 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages nginx depends on: ii nginx-core 1.22.1-1 nginx recommends no packages. nginx suggests no packages. -- no debconf information
