On Tue, Jan 26, 2016 at 07:32:17PM +0300, Maxim Dounin wrote:
Hello!
Several problems in nginx resolver were identified, which might allow
an attacker to cause worker process crash, or might have potential
other impact
The problems are fixed in nginx 1.9.10, 1.8.1.
Hello all,
I am one of debian's nginx maintainers, I have just uploaded
nginx-1.9.10 for unstable, so we are ready on that front. But debian
stable is also affected (1.6.x series) and we will need to prepare a
patch. Is it possible to ask for a single combined patch (or even better
an 1.6.x release)?
I know that you have a policy of providing security support for mainline
and stable (1.9, 1.8), but since there are a lot of nginx users using
debian stable, we'd be glad if we could cooperate and make an exception
whenever possible.
Thanks again,
Christos
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
