Bug#742059: nginx: CVE-2014-0133: SPDY heap buffer overflow

yatiohi Tue, 18 Mar 2014 13:18:45 -0700

Hello Henri,

On Tue, Mar 18, 2014 at 08:02:25PM +0200, Henri Salo wrote:

Source: nginx
Version: 1.4.6-1
Severity: grave
Tags: security, fixed-upstream


http://nginx.org/en/security_advisories.html
http://nginx.org/download/patch.2014.spdy2.txt

Not vulnerable: 1.5.12+, 1.4.7+
Vulnerable: 1.3.15-1.5.11

---
Henri Salo


Thank you for the quick bug report,

we are not vulnerable since nginx is compiled with the --with-debug
configure option. Although, we will release 1.4.7-1 shortly to follow
upstream and include a few module updates as well.


--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#742059: nginx: CVE-2014-0133: SPDY heap buffer overflow

Reply via email to