Updated patch for CVE-2013-2070 ?

Cyril Lavier cyril.lavier at davromaniak.eu
Fri Jun 7 06:37:49 UTC 2013


As stated here
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164), the patch
nginx developers wrote for fixing CVE-2013-2070 is not 100% correct C.

This is a big issue for us (I'm part of the nginx debian packaging
team), because this patch can be applied on the Debian Wheezy's packages
(1.2.1) but won't be accepted in the repositories because the patch can
create new security issues.

Does anyone has an updated version of this patch ?


Cyril "Davromaniak" Lavier
KeyID 59E9A881

More information about the nginx mailing list