Updated patch for CVE-2013-2070 ?
cyril.lavier at davromaniak.eu
Fri Jun 7 06:37:49 UTC 2013
As stated here
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164), the patch
nginx developers wrote for fixing CVE-2013-2070 is not 100% correct C.
This is a big issue for us (I'm part of the nginx debian packaging
team), because this patch can be applied on the Debian Wheezy's packages
(1.2.1) but won't be accepted in the repositories because the patch can
create new security issues.
Does anyone has an updated version of this patch ?
Cyril "Davromaniak" Lavier
More information about the nginx