Updated patch for CVE-2013-2070 ?
Cyril Lavier
cyril.lavier at davromaniak.eu
Fri Jun 7 06:37:49 UTC 2013
Hello.
As stated here
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164), the patch
nginx developers wrote for fixing CVE-2013-2070 is not 100% correct C.
This is a big issue for us (I'm part of the nginx debian packaging
team), because this patch can be applied on the Debian Wheezy's packages
(1.2.1) but won't be accepted in the repositories because the patch can
create new security issues.
Does anyone has an updated version of this patch ?
Thanks.
--
Cyril "Davromaniak" Lavier
KeyID 59E9A881
http://www.davromaniak.eu
More information about the nginx
mailing list