On Tue, Nov 19, 2013 at 07:02:21PM +0400, Maxim Dounin wrote:
Hello!
Ivan Fratric of the Google Security Team discovered a bug in nginx,
which might allow an attacker to bypass security restrictions in certain
configurations by using a specially crafted request, or might have
potential other impact (CVE-2013-4547).
I wanted to inform the list that debian has uploaded packages to handle
the issue:
nginx 1.2.1-2.2+wheezy2 for wheezy (includes the backported patch)
nginx 1.4.4-1 for sid
http://lists.debian.org/debian-security-announce/2013/msg00215.html
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
