On Thu, Jul 29, 2010 at 10:16 AM, Kartik Mistry <[email protected]> wrote: > On Thu, Jul 29, 2010 at 10:02 AM, Moritz Muehlenhoff <[email protected]> wrote: >> Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2266 >> >> There's no further information so far. Probably upstream should be >> contacted next. > > Thanks a lot. Since, we don't have 0.8.36 in Debian - I'll quickly > contact upstream now if this is affected to package in Debian or not!
Hi Moritz, Just got email from upstream: > Is this affected to 0.7.x stable branch too? No, this is nginx/Windows only bug. nginx/Windows try to convert UTF-8 sequence "%c0.%c0." into Windows native UTF-16. So, this can be safely close. -- Kartik Mistry Debian GNU/Linux Developer IRC: kart_ | Identica: @kartikm -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

