-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3908-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff July 12, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : nginx CVE ID : CVE-2017-7529 An integer overflow has been found in the HTTP range module of Nginx, a high-performance web and reverse proxy server, which may result in information disclosure. For the oldstable distribution (jessie), this problem has been fixed in version 1.6.2-5+deb8u5. For the stable distribution (stretch), this problem has been fixed in version 1.10.3-1+deb9u1. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your nginx packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAllmk5oACgkQEMKTtsN8 TjYNGw//R3z6dyOTpQ6/ONw0kAi+MekP43AQXuvgBw1GrrHAZRsftfESmnIE0+aQ vCFBfMBXzK/dkkRDwoT3hzXW/hilJHrbSOYUYnVKiFue1qKd/Vr1GzCf7P5C9hy/ 6B1j37dnluJm+EI0pgs9MgE8nfe9CBAkAjL5YZn2/W8cisYUmKQz+BCMgHJjuQc4 rPVZPsCIltvgISUqH2QaFMlLmrZQGQqmVTswX0uiFX5gWgpB8xyAK+Sz8wNVRMzK xOuXiwH6fp/jbZRjgWPMv47X5H8k9WPf/u1xOLkJo+iADBYyKeQtmJRiqI9+YYv9 vzrPlYCLUK+q4iN+doCnaIsLsoCaZYRz4qVnhSRdDfi/yzVecvVhOio13Pspi7Cb VSgT1T2iTEDI872criSQA2bqRpGsW9gdIpfV8uxbl78vBoPQgKXKveLFSq+mxxkV dAtgR746ACCFWkoMMLeWNDJinOxO2TTgGBmYynDFijZ7T3YPtd0XvJZ1v654iM7z VCAnrfRwW/HiqC+Uz/USsrdYt1i2riGJmOX/irZMy30TwrAl4JMkAvz0wMAdeD59 zfBTpNnJRY6leyuhyhMzu8a+olWuFz5ZU0hu1SsNFvyT5gEtpdFirzyVLYbhXHCN 0wUgLGSydmdf/ndjq4WOu/qgHoCxZrjd8eM1WpCGpv14XdJ+zKk= =uZZa -----END PGP SIGNATURE-----