Accepting request 879891 from home:fschnizlein:branches:server:http

Add missing CVE changelog entry to make sure the information is not lost. This is required to submit this package to SLE. See https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM)#Cross_Service-Pack_merges_for_SLE OBS-URL: https://build.opensuse.org/request/show/879891 OBS-URL: https://build.opensuse.org/package/show/server:http/nginx?expand=0&rev=194
2021-03-18 13:46:10 +00:00 · 2021-03-18 13:46:10 +00:00 · 04b951eef7
commit 04b951eef7
parent 85b09ead27
1 changed files with 2 additions and 0 deletions
--- a/nginx.changes
+++ b/nginx.changes
@ -290,6 +290,8 @@ Sat Dec 28 11:03:16 UTC 2019 - Илья Индиго <ilya@ilya.pp.ua>
  * A timeout might occur while handling pipelined requests in an
    SSL connection; the bug had appeared in 1.17.5.
  * Bugfix in the ngx_http_dav_module.
+  * CVE-2019-20372: Fixed an HTTP request smuggling with certain error_page
+    configurations which could have allowed unauthorized web page reads (bsc#1160682).

 -------------------------------------------------------------------
 Sat Nov 23 20:12:57 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>