Debian packages for CVE-2013-4547

Christos Trochalakis yatiohi at ideopolis.gr
Fri Nov 22 07:49:08 UTC 2013


On Tue, Nov 19, 2013 at 07:02:21PM +0400, Maxim Dounin wrote:
>Hello!
>
>Ivan Fratric of the Google Security Team discovered a bug in nginx,
>which might allow an attacker to bypass security restrictions in certain
>configurations by using a specially crafted request, or might have
>potential other impact (CVE-2013-4547).
>

I wanted to inform the list that debian has uploaded packages to handle
the issue:

nginx 1.2.1-2.2+wheezy2 for wheezy (includes the backported patch)
nginx 1.4.4-1 for sid

http://lists.debian.org/debian-security-announce/2013/msg00215.html



More information about the nginx mailing list