[Git][security-tracker-team/security-tracker][master] libnginx-mod-http-lua ospu
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Aug 31 12:04:09 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8a18ac5 by Moritz Mühlenhoff at 2025-08-31T13:03:07+02:00
libnginx-mod-http-lua ospu
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -39745,6 +39745,7 @@ CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain
CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a r ...)
{DLA-4228-1}
- libnginx-mod-http-lua 1:0.10.27-1
+ [bookworm] - libnginx-mod-http-lua <no-dsa> (Minor issue)
- nginx 1.22.0-3
NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a separate package
NOTE: https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -372,3 +372,5 @@ CVE-2025-53859
[bookworm] - nginx 1.22.1-9+deb12u3
CVE-2025-55291
[bookworm] - shaarli 0.12.1+dfsg-8+deb12u1
+CVE-2024-33452
+ [bookworm] - libnginx-mod-http-lua 1:0.10.23-1+deb12u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8a18ac53f92e313d25a43a9d79f6f41ba023e0d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8a18ac53f92e313d25a43a9d79f6f41ba023e0d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250831/5729fda5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list