[Git][security-tracker-team/security-tracker][master] Add new nginx issues

Sat Mar 28 12:59:38 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d870eeaa by Salvatore Bonaccorso at 2026-03-28T13:59:14+01:00
Add new nginx issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3092,7 +3092,9 @@ CVE-2026-32853 (LibVNCServer versions 0.9.15 and prior (fixed incommit 009008e)
 	NOTE: https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcj
 	NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3dbc931
 CVE-2026-32647 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
-	TODO: check
+	- nginx 1.28.3-1
+	NOTE: https://my.f5.com/manage/s/article/K000160366
+	TODO: research fixing commit
 CVE-2026-30932 (Froxlor is open source server administration software. Prior to versio ...)
 	- froxlor <itp> (bug #581792)
 CVE-2026-30662 (ConcreteCMS v9.4.7 contains a Denial of Service (DoS) vulnerability in ...)
@@ -3112,15 +3114,25 @@ CVE-2026-29839 (DedeCMS v5.7.118 was discovered to contain a Cross-Site Request
 CVE-2026-29772 (Astro is a web framework. Prior to version 10.0.0, Astro's Server Isla ...)
 	NOT-FOR-US: Astro
 CVE-2026-28755 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_strea ...)
-	TODO: check
+	- nginx 1.28.3-2
+	NOTE: https://my.f5.com/manage/s/article/K000160368
+	TODO: research fixing commit
 CVE-2026-28753 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_ ...)
-	TODO: check
+	- nginx 1.28.3-1
+	NOTE: https://my.f5.com/manage/s/article/K000160367
+	TODO: research upstream fixing commit
 CVE-2026-27784 (The 32-bit implementation of NGINX Open Source has a vulnerability in  ...)
-	TODO: check
+	- nginx 1.28.3-1
+	NOTE: https://my.f5.com/manage/s/article/K000160364
+	TODO: research fixing commit
 CVE-2026-27654 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
-	TODO: check
+	- nginx 1.28.3-1
+	NOTE: https://my.f5.com/manage/s/article/K000160382
+	TODO: research fixing commit
 CVE-2026-27651 (When the ngx_mail_auth_http_modulemodule is enabled on NGINX Plus or N ...)
-	TODO: check
+	- nginx 1.28.3-1
+	NOTE: https://my.f5.com/manage/s/article/K000160383
+	TODO: research upstream commit
 CVE-2026-26809
 	REJECTED
 CVE-2026-23924 (Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d870eeaa762f775ff7fe57e5c95041d7903230ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d870eeaa762f775ff7fe57e5c95041d7903230ea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260328/597de593/attachment.htm>
