main/nginx: mitigate CVE-2021-3618 (!33701) · Merge requests · alpine / aports

Kevin Daudt requested to merge kdaudt/aports:security/nginx-CVE-2021-3618 into master Apr 28, 2022

CVE-2021-3618 is an application layer protocol content confusion attack, affecting multiple applications.

According to redhat, nginx addressed this in hg:ec10718307991 or git:173f16f736c102 in mainline, but this has not been backported to a stable version yet.

Backport this fix ourselves.

Fixes #13737 (closed)

Edited Apr 28, 2022 by Kevin Daudt

main/nginx: mitigate CVE-2021-3618

Merge request reports