On Thu, Jul 29, 2010 at 10:16 AM, Kartik Mistry <kartik.mis...@gmail.com> wrote: > On Thu, Jul 29, 2010 at 10:02 AM, Moritz Muehlenhoff <j...@debian.org> wrote: >> Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2266 >> >> There's no further information so far. Probably upstream should be >> contacted next. > > Thanks a lot. Since, we don't have 0.8.36 in Debian - I'll quickly > contact upstream now if this is affected to package in Debian or not!
Hi Moritz, Just got email from upstream: > Is this affected to 0.7.x stable branch too? No, this is nginx/Windows only bug. nginx/Windows try to convert UTF-8 sequence "%c0.%c0." into Windows native UTF-16. So, this can be safely close. -- Kartik Mistry Debian GNU/Linux Developer IRC: kart_ | Identica: @kartikm -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
