Nginx Debian vulnerabilities

khatfield at khatfield at
Thu Aug 12 22:33:42 MSD 2010

That's a fairly old package and likely is still vulnerable. Igor or another developer would be best to say whether the Debian team integrates patches into their packages. (Igor is on vacation) However, personally, I would download the source for the newest legacy version (if that's what you want) and compile it yourself. 

There are detailed instructions in the wiki for installation manually. 

Prior to doing that, simply use:
apt-get remove nginx

In either case, vulnerable or not, there were quite a few fixes between .2 and .9. You would benefit from the most updated branch of your choosing.

------Original Message------
From: Mesaya at
Sender: nginx-bounces at
To: nginx at
ReplyTo: nginx at
Subject: Nginx Debian vulnerabilities
Sent: Aug 12, 2010 10:10 AM

Are the vulnerabilities listed at fixed in the recent debian lenny packet?

# nginx -v
nginx version: nginx/0.6.32

I've installed nginx through apt-get install nginx, am I vunerable to any of those vulnerabilities?
GMX DSL SOMMER-SPECIAL: Surf & Phone Flat 16.000 für nur 19,99 ¿/mtl.!*

nginx mailing list
nginx at

More information about the nginx mailing list