Welcome! Log In Create A New Profile

Advanced

Updated patch for CVE-2013-2070 ?

Previous Message Next Message
Forum List Message List New Topic Print View
Cyril Lavier
June 07, 2013 02:40AM
Hello.

As stated here
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164), the patch
nginx developers wrote for fixing CVE-2013-2070 is not 100% correct C.

This is a big issue for us (I'm part of the nginx debian packaging
team), because this patch can be applied on the Debian Wheezy's packages
(1.2.1) but won't be accepted in the repositories because the patch can
create new security issues.

Does anyone has an updated version of this patch ?

Thanks.

--
Cyril "Davromaniak" Lavier
KeyID 59E9A881
http://www.davromaniak.eu

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Updated patch for CVE-2013-2070 ?

Cyril Lavier June 07, 2013 02:40AM

Re: Updated patch for CVE-2013-2070 ?

Maxim Dounin June 07, 2013 09:30AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 278
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready