[Git][security-tracker-team/security-tracker][master] 2 commits: lts: claim nginx in dla-needed.txt

Carlos Henrique Lima Melara (@charles) gitlab at salsa.debian.org
Thu May 14 13:15:14 BST 2026 


Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f7af067 by Carlos Henrique Lima Melara at 2026-05-14T14:14:29+02:00
lts: claim nginx in dla-needed.txt

- - - - -
99846aa1 by Carlos Henrique Lima Melara at 2026-05-14T14:14:37+02:00
CVE-2025-53859/nginx: add reference to commit fixing the CVE

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -119132,6 +119132,7 @@ CVE-2025-53859 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx
 	[bullseye] - nginx <postponed> (minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/08/13/5
 	NOTE: https://nginx.org/download/patch.2025.smtp.txt
+	NOTE: Fixed by: https://github.com/nginx/nginx/commit/765642b86e0df1b5ef37f42522be7d08d95909c9 (release-1.29.1)
 CVE-2025-54472 (Unlimited memory allocation in redis protocol parser in Apache bRPC (a ...)
 	- brpc <itp> (bug #1060006)
 CVE-2024-36331 (Improper initialization of CPU cache memory could allow a privileged a ...)


=====================================
data/dla-needed.txt
=====================================
@@ -341,7 +341,7 @@ netty (rouca)
   NOTE: 20260114: fix remaining CVE wait DSA (rouca)
   NOTE: 20200331: release DLA-4519-1 netty. Unfortunatly partial due to new CVEs (rouca)
 --
-nginx
+nginx (charles)
   NOTE: 20260328: Added by Front-Desk (Beuc)
   NOTE: 20260328: 6 new CVEs; also follow DSA-6131-1 (1 CVE)
   NOTE: 20260328: and bookworm 12.12 (1 CVE) (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3b65f6c30f805117526194c33611dff51d6da2fe...99846aa12ae1468cba987668f8117c49de858d1c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3b65f6c30f805117526194c33611dff51d6da2fe...99846aa12ae1468cba987668f8117c49de858d1c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260514/dda4b006/attachment.htm>

More information about the debian-security-tracker-commits mailing list