[nginx-announce] nginx security advisory (CVE-2014-3616)

Yichun Zhang (agentzh) agentzh at gmail.com
Wed Sep 17 19:56:33 UTC 2014


Hello!

On Wed, Sep 17, 2014 at 12:58 AM, Christos Trochalakis wrote:
> I am one of the debian nginx maintainers. Is it possible to provide a
> patch for nginx-1.2 series since the relevant commit is not backportable
> as-is?
>

+1

I also hope there is a standalone patch that can (also) be applied to
older versions in the 1.7.x series. Because I do not want to
immediately upgrade to 1.7.5 which contains unrelated changes that
breaks some 3rd-party modules like ngx_drizzle, ngx_postgres, and
ngx_lua.

Regards,
-agentzh



More information about the nginx-devel mailing list