Re: nginx and CVE-2016-4450

To: James Lu <bitflip3@gmail.com>
Cc: Rodrigo Campos <rodrigo@sdfg.com.ar>, debian-backports@lists.debian.org, nginx@packages.debian.org
Subject: Re: nginx and CVE-2016-4450
From: Christos Trochalakis <yatiohi@ideopolis.gr>
Date: Mon, 6 Jun 2016 10:57:56 +0300
Message-id: <[🔎] 20160606075756.GA26723@luke.ws.skroutz.gr>
In-reply-to: <[🔎] dd2b51d1-c45a-6f79-9408-79466dadb2f1@gmail.com>
References: <[🔎] 20160603213132.GE12252@sdfg.com.ar> <[🔎] dd2b51d1-c45a-6f79-9408-79466dadb2f1@gmail.com>

On Fri, Jun 03, 2016 at 06:11:07PM -0700, James Lu wrote:

On 03/06/16 02:31 PM, Rodrigo Campos wrote:

Hi,

There is a security bug that affects nginx in jessie backports, CVE-2016-4450, and
that bug has been fixed in stable and unstable. Can it be fixed in jessie
backports too, please? :)



Thanks a lot,
Rodrigo


Hi everyone,

Seeing as this was a security update, I backported nginx locally on a
server running Jessie. The results are at
https://overdrivenetworks.com/f/nginx-1.10.1-1~bpo8+1/ (signed) if there
is any interest.

CC'ing the nginx maintainers as it's probably more reliable for them to
continue maintaining backports in the long run.


I have uploaded nginx 1.9.10-1~bpo8+2. We dont want to upload 1.10.X just
yet since we want to test dynamic module support a bit more.

Reply to:

Follow-Ups:
- Re: nginx and CVE-2016-4450
  - From: Rodrigo Campos <rodrigo@sdfg.com.ar>

References:
- nginx and CVE-2016-4450
  - From: Rodrigo Campos <rodrigo@sdfg.com.ar>
- Re: nginx and CVE-2016-4450
  - From: James Lu <bitflip3@gmail.com>

Prev by Date: Re: virtualbox not fully installable
Next by Date: Request for backport: monit
Previous by thread: Re: nginx and CVE-2016-4450
Next by thread: Re: nginx and CVE-2016-4450
Index(es):
- Date
- Thread