[Pkg-nginx-maintainers] Wheezy NGinx - CVE-2016-1247
B Tasker
btasker at swiftserve.com
Wed Nov 30 12:09:23 UTC 2016
Hi,
Although the CVE page -
https://security-tracker.debian.org/tracker/CVE-2016-1247 - shows this
as fixed in Wheezy, It doesn't look as though the issue hasn't yet been
addressed in the nginx-common deb
# dpkg-deb -R nginx-common_1.2.1-2.2+wheezy4_all.deb common
#!/bin/sh
set -e
case "$1" in
configure)
logdir="/var/log/nginx"
# Ensure existance and right state of log files and directory
if [ ! -d "$logdir" -a ! -L "$logdir" ]; then
mkdir "$logdir"
chown www-data:adm $logdir
chmod 0750 $logdir
fi
# For systemd, enable the nginx unit, but don't start it (just like the
# init script).
if [ -x /bin/systemctl ]; then
systemctl enable nginx.service >/dev/null 2>&1 || true
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# Automatically added by dh_installinit
if [ -x "/etc/init.d/nginx" ]; then
update-rc.d nginx defaults >/dev/null || exit $?
fi
# End automatically added section
exit 0
Is there a plan to apply a patch to wheezy at some point?
Thanks
Ben
More information about the Pkg-nginx-maintainers
mailing list