Debian packages for CVE-2013-4547

Christos Trochalakis yatiohi at
Fri Nov 22 07:49:08 UTC 2013

On Tue, Nov 19, 2013 at 07:02:21PM +0400, Maxim Dounin wrote:
>Ivan Fratric of the Google Security Team discovered a bug in nginx,
>which might allow an attacker to bypass security restrictions in certain
>configurations by using a specially crafted request, or might have
>potential other impact (CVE-2013-4547).

I wanted to inform the list that debian has uploaded packages to handle
the issue:

nginx 1.2.1-2.2+wheezy2 for wheezy (includes the backported patch)
nginx 1.4.4-1 for sid

More information about the nginx mailing list