[nginx-announce] nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)
ahutchings at nginx.com
Tue Jan 26 19:49:21 UTC 2016
On 26/01/16 19:11, Christos Trochalakis wrote:
> On Tue, Jan 26, 2016 at 07:32:17PM +0300, Maxim Dounin wrote:
>> Several problems in nginx resolver were identified, which might allow
>> an attacker to cause worker process crash, or might have potential
>> other impact
>> The problems are fixed in nginx 1.9.10, 1.8.1.
> I am one of Debian's nginx maintainers. I have just uploaded
> nginx-1.9.10 for unstable, so we are ready on that front. But Debian
> stable is also affected (1.6.x series) and we will need to prepare a
> patch. Is it possible to ask for a single combined patch (or even better
> a 1.6.x release)?
It should be possible to get a combined patch straight out of the
Mercurial repository just by doing a range on the diff. Alternatively,
Fedora has already backported the patches to 1.6 which can be found
Hope this helps
Andrew Hutchings (LinuxJedi)
Technical Product Manager, NGINX Inc.