[Git][security-tracker-team/security-tracker][master] update data for nginx
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 13 22:17:11 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d9579ac6 by Moritz Muehlenhoff at 2026-05-13T23:15:42+02:00
update data for nginx
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,21 +3,40 @@ CVE-2026-42945
NOTE: https://www.openwall.com/lists/oss-security/2026/05/13/7
NOTE: https://depthfirst.com/research/nginx-rift-achieving-nginx-rce-via-an-18-year-old-vulnerability
NOTE: https://my.f5.com/manage/s/article/K000161019
+ NOTE: https://nginx.org/en/security_advisories.html
+ NOTE: https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686 (release-1.30.1)
CVE-2026-42946
- nginx <unfixed>
NOTE: https://my.f5.com/manage/s/article/K000161027
+ NOTE: https://nginx.org/en/security_advisories.html
+ NOTE: https://github.com/nginx/nginx/commit/baef7fdac28e4e1fe26509b50b8d15603393e28e (release-1.30.1)
+ NOTE: https://github.com/nginx/nginx/commit/39d7d0ba0799fcff6baee52b6525f45739593cfd (release-1.30.1)
CVE-2026-40460
- nginx <unfixed>
+ [bookworm] - nginx <not-affected> (Vulnerable code not present, introduced in 1.25.0)
+ [bullseye] - nginx <not-affected> (Vulnerable code not present, introduced in 1.25.0)
NOTE: https://my.f5.com/manage/s/article/K000161068
+ NOTE: https://nginx.org/en/security_advisories.html
+ NOTE: https://github.com/nginx/nginx/commit/5461e8bbc09230a4cf8e3d7737c176ae69b091f1 (release-1.30.1)
CVE-2026-42926
- nginx <unfixed>
+ [trixie] - nginx <not-affected> (Vulnerable code not present, introduced in 1.29.4)
+ [bookworm] - nginx <not-affected> (Vulnerable code not present, introduced in 1.29.4)
+ [bullseye] - nginx <not-affected> (Vulnerable code not present, introduced in 1.29.4)
NOTE: https://my.f5.com/manage/s/article/K000161131
+ NOTE: https://nginx.org/en/security_advisories.html
+ NOTE: https://github.com/nginx/nginx/commit/ce3362cfd5c3e1434a6151cfa585b89114389da7 (release-1.30.1)
+ NOTE: https://github.com/nginx/nginx/commit/a0e742944db64d8a547cc2e7a0ba4c2e85cd4b98 (release-1.30.1)
CVE-2026-40701
- nginx <unfixed>
NOTE: https://my.f5.com/manage/s/article/K000161021
+ NOTE: https://nginx.org/en/security_advisories.html
+ NOTE: https://github.com/nginx/nginx/commit/d2b8d47741820c9fb134c6731ecb40b21f3085b1 (release-1.30.1)
CVE-2026-42934
- nginx <unfixed>
NOTE: https://my.f5.com/manage/s/article/K000161028
+ NOTE: https://nginx.org/en/security_advisories.html
+ NOTE: https://github.com/nginx/nginx/commit/54b7945961b2eaafc480d6b85d9635d0db1c126a (release-1.30.1)
CVE-2026-46300
- linux <unfixed>
NOTE: https://github.com/v12-security/pocs/tree/main/fragnesia
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9579ac6686c201f348987d6fee5410f0f133a7a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9579ac6686c201f348987d6fee5410f0f133a7a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260513/d7a9bbea/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list