Package "nginx"

  nginx (1.10.0-0ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY REGRESSION: config upgrade failure (LP: #1637058)
    - debian/nginx-common.config: fix return code so script doesn't exit.

 -- Marc Deslauriers <email address hidden> Thu, 27 Oct 2016 10:42:14 -0400

  nginx (1.10.0-0ubuntu0.16.04.3) xenial-security; urgency=medium

  [ Christos Trochalakis ]
  * debian/nginx-common.postinst:
    + Secure log file handling (owner & permissions) against privilege
      escalation attacks. /var/log/nginx is now owned by root:adm.
      Thanks Dawid Golunski (http://legalhackers.com) for the report.
      Changing /var/log/nginx permissions effectively reopens #701112,
      since log files can be world-readable. This is a trade-off until
      a better log opening solution is implemented upstream (trac:376).
  * debian/control:
    Don't allow building against liblua5.1-0-dev on architectures
    that libluajit is available.

 -- Marc Deslauriers <email address hidden> Tue, 18 Oct 2016 11:02:16 +0200

  nginx (1.10.0-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference while writing client request
    body (LP: #1587577)
    - debian/patches/cve-2016-4450.patch: Upstream patch to address issue.
    - CVE-2016-4450

 -- Thomas Ward <email address hidden> Tue, 31 May 2016 19:47:42 -0400

  nginx (1.10.0-0ubuntu0.16.04.1) xenial-proposed; urgency=medium

  * Stable Release Update (LP: #1575212)
  * New upstream release (1.10.0) - full changelog available at upstream
    website - http://nginx.org/en/CHANGES-1.10
  * All Ubuntu specific changes from 1.9.15-0ubuntu1 remain included.
  * Additional changes:
    * debian/patches/ubuntu-branding.patch: Refreshed Ubuntu Branding patch.

 -- Thomas Ward <email address hidden> Tue, 26 Apr 2016 10:21:29 -0400