[ANNOUNCE] Tengine-1.4.6 (fixed CVE-2013-2070)

Weibin Yao yaoweibin at gmail.com
Tue May 14 09:40:36 UTC 2013


Hi folks,

Tengine-1.4.6 (development version) has been released.
You can either checkout the source code from github:
https://github.com/alibaba/tengine or download the tar ball directly:
http://tengine.taobao.org/download/tengine-1.4.6.tar.gz

We have merged the changes from nginx-1.2.9 which fixed the security
problem CVE-2013-2070. Contents of worker process memory might be
disclosed if HTTP backend server returned specially crafted response.
This could cause denial of service or a disclosure of memory.

If you are using Tengine-1.4.x and proxy_pass to untrusted upstream HTTP
servers, please upgrade to this version as soon as possible!

Regards,

-- 
Weibin Yao
Developer @ Server Platform Team of Taobao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130514/862a80ae/attachment.html>


More information about the nginx mailing list