lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.BSF.2.00.1304291907090.45180@mp2.macomnet.net> Date: Mon, 29 Apr 2013 19:08:20 +0400 (MSK) From: Maxim Konovalov <maxim.konovalov@...il.com> To: bugtraq@...urityfocus.com Subject: Re: Nginx ngx_http_close_connection function integer overflow Hello, Recently a report appeared alleging an integer overflow vulnerability in nginx, claiming remote code execution impact. We've carefully investigated the issue, and cannot confirm the alleged vulnerability exists. Taking this opportunity to remind: if you think you've found a security issue in nginx - it's a good idea to report it to security-alert@...nx.org, as listed at the nginx security advisories page here: http://nginx.org/en/security_advisories.html -- Maxim Konovalov
Powered by blists - more mailing lists