{"affected":[{"ecosystem_specific":{"binaries":[{"nginx-1.0":"1.0.15-0.34.1"}]},"package":{"ecosystem":"SUSE:Lifecycle Management Server 1.3","name":"nginx-1.0","purl":"pkg:rpm/suse/nginx-1.0&distro=SUSE%20Lifecycle%20Management%20Server%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.15-0.34.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"nginx-1.0":"1.0.15-0.34.1"}]},"package":{"ecosystem":"SUSE:Studio Onsite 1.3","name":"nginx-1.0","purl":"pkg:rpm/suse/nginx-1.0&distro=SUSE%20Studio%20Onsite%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.15-0.34.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"nginx-1.0":"1.0.15-0.34.1"}]},"package":{"ecosystem":"SUSE:WebYast 1.3","name":"nginx-1.0","purl":"pkg:rpm/suse/nginx-1.0&distro=SUSE%20WebYast%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.15-0.34.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nginx-1.0 fixes the following issues:\n\nThis security issues fixed:\n- CVE-2016-4450: NULL pointer dereference while writing client request body (bsc#982505).\n- CVE-2016-1000105: Setting HTTP_PROXY environment variable via Proxy header (httpoxy) (bnc#988491).\n","id":"SUSE-SU-2017:0190-1","modified":"2017-01-17T17:04:53Z","published":"2017-01-17T17:04:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20170190-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/982505"},{"type":"REPORT","url":"https://bugzilla.suse.com/988491"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-1000105"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-4450"}],"related":["CVE-2016-1000105","CVE-2016-4450"],"summary":"Security update for nginx-1.0","upstream":["CVE-2016-1000105","CVE-2016-4450"]}