[Secure-testing-team] Bug#708164: nginx proxy_pass buffer overflow (CVE-2013-2070)
Thijs Kinkhorst
thijs at debian.org
Mon May 13 16:47:21 UTC 2013
Package: nginx
Version: 1.2.1-2.2
Severity: serious
Tags: security patch
Hi,
A buffer overflow in the proxy_pass module has been reported by
Nginx upstream, and a patch made available. Please see:
http://www.openwall.com/lists/oss-security/2013/05/13/3
The issue is already fixed in the version in sid, and as far
as I can see the code is not present in squeeze.
Can you ensure that (a) the RC bug against nginx in sid is dealt with
so the fixed package can migrate to jessie, and (b) prepare an update
to wheezy?
Thanks,
Thijs
More information about the Secure-testing-team
mailing list