On Thu, Jul 29, 2010 at 10:16 AM, Kartik Mistry <[email protected]> wrote:
> On Thu, Jul 29, 2010 at 10:02 AM, Moritz Muehlenhoff <[email protected]> wrote:
>> Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2266
>>
>> There's no further information so far. Probably upstream should be
>> contacted next.
>
> Thanks a lot. Since, we don't have 0.8.36 in Debian - I'll quickly
> contact upstream now if this is affected to package in Debian or not!

Hi Moritz,

Just got email from upstream:

> Is this affected to 0.7.x stable branch too?

No, this is nginx/Windows only bug.
nginx/Windows try to convert UTF-8 sequence "%c0.%c0." into Windows
native UTF-16.

So, this can be safely close.

-- 
Kartik Mistry
Debian GNU/Linux Developer
IRC: kart_ | Identica: @kartikm



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to