Hello.
As stated here
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164), the patch
nginx developers wrote for fixing CVE-2013-2070 is not 100% correct C.
This is a big issue for us (I'm part of the nginx debian packaging
team), because this patch can be applied on the Debian Wheezy's packages
(1.2.1) but won't be accepted in the repositories because the patch can
create new security issues.
Does anyone has an updated version of this patch ?
Thanks.
--
Cyril "Davromaniak" Lavier
KeyID 59E9A881
http://www.davromaniak.eu
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx