[nginx-announce] nginx security advisory (CVE-2016-0742, CVE-2016-0746, CVE-2016-0747)
Christos Trochalakis
yatiohi at ideopolis.gr
Tue Jan 26 19:11:39 UTC 2016
On Tue, Jan 26, 2016 at 07:32:17PM +0300, Maxim Dounin wrote:
>Hello!
>
>Several problems in nginx resolver were identified, which might allow
>an attacker to cause worker process crash, or might have potential
>other impact
>
>The problems are fixed in nginx 1.9.10, 1.8.1.
>
Hello all,

I am one of Debian's nginx maintainers. I have just uploaded
nginx-1.9.10 for unstable, so we are ready on that front. But Debian
stable is also affected (1.6.x series) and we will need to prepare a
patch. Is it possible to ask for a single combined patch (or even better
a 1.6.x release)?

I know that you have a policy of providing security support for mainline
and stable (1.9, 1.8), but since there are a lot of nginx users using
Debian stable, we'd be glad if we could cooperate and make an exception
whenever possible.

Thanks again,
Christos