Nginx has issued an advisory on October 19: https://mailman.nginx.org/archives/list/nginx-announce@nginx.org/message/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA/ The issues are fixed upstream in 1.22.1, and via a patch linked in the message above.
Status comment: (none) => Patch available from upstream
Suggested advisory: ======================== The updated package fixes security vulnerabilities: Two security issues were identified in the ngx_http_mp4_module, which might allow an attacker to cause a worker process crash or worker process memory disclosure by using a specially crafted mp4 file, or might have potential other impact. (CVE-2022-41741, CVE-2022-41742) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742 https://mailman.nginx.org/archives/list/nginx-announce@nginx.org/message/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA/ ======================== Updated package in core/updates_testing: ======================== nginx-1.18.0-5.3.mga8 from SRPM: nginx-1.18.0-5.3.mga8.src.rpm
Status: NEW => ASSIGNEDCC: (none) => nicolas.salgueroAssignee: smelror => qa-bugsStatus comment: Patch available from upstream => (none)
MGA8-64 MATE on Acer Aspire 5253 No installation issues Ref bug 13044 for testing # nginx point fitefox at http://localhost/ and get page as answer with in the heading: "Welcome to nginx 1.18.0 on Mageia!" Looks OK.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0398.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED