Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
Update/Patch nginx to fix integer overflow vulnerability #1734
Comments
wbnns
added
the
Under Review
label
Aug 7, 2017
wbnns
self-assigned this
Aug 7, 2017
wbnns
added
Security
and removed
Under Review
labels
Sep 17, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
reddr commentedAug 7, 2017
Bitcoin.org currently runs an nginx server in version 1.10.3 which is prone to an
integer overflow vulnerability located in its range filter that might be exploited to leak sensitive data (CVE-2017-7529). More information: https://nginx.org/en/security_advisories.html
Proposed fix: Either apply the provided fix to the current version or update to the patched versions 1.12.1 or 1.13.3