[Git][security-tracker-team/security-tracker][master] Track fixed version for nginx issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 16 08:03:07 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc3e70c2 by Salvatore Bonaccorso at 2026-05-16T09:02:42+02:00
Track fixed version for nginx issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1960,20 +1960,20 @@ CVE-2026-42945 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686 (release-1.30.1)
CVE-2026-42946 (A vulnerability exists in the ngx_http_scgi_moduleand ngx_http_uwsgi_m ...)
- - nginx <unfixed>
+ - nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161027
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/baef7fdac28e4e1fe26509b50b8d15603393e28e (release-1.30.1)
NOTE: https://github.com/nginx/nginx/commit/39d7d0ba0799fcff6baee52b6525f45739593cfd (release-1.30.1)
CVE-2026-40460 (When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 ...)
- - nginx <unfixed>
+ - nginx 1.30.0-4
[bookworm] - nginx <not-affected> (Vulnerable code not present, introduced in 1.25.0)
[bullseye] - nginx <not-affected> (Vulnerable code not present, introduced in 1.25.0)
NOTE: https://my.f5.com/manage/s/article/K000161068
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/5461e8bbc09230a4cf8e3d7737c176ae69b091f1 (release-1.30.1)
CVE-2026-42926 (When NGINX Open Source is configured to proxy HTTP/2 traffic by settin ...)
- - nginx <unfixed>
+ - nginx 1.30.0-4
[trixie] - nginx <not-affected> (Vulnerable code not present, introduced in 1.29.4)
[bookworm] - nginx <not-affected> (Vulnerable code not present, introduced in 1.29.4)
[bullseye] - nginx <not-affected> (Vulnerable code not present, introduced in 1.29.4)
@@ -1982,12 +1982,12 @@ CVE-2026-42926 (When NGINX Open Source is configured to proxy HTTP/2 traffic by
NOTE: https://github.com/nginx/nginx/commit/ce3362cfd5c3e1434a6151cfa585b89114389da7 (release-1.30.1)
NOTE: https://github.com/nginx/nginx/commit/a0e742944db64d8a547cc2e7a0ba4c2e85cd4b98 (release-1.30.1)
CVE-2026-40701 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
- - nginx <unfixed>
+ - nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161021
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/d2b8d47741820c9fb134c6731ecb40b21f3085b1 (release-1.30.1)
CVE-2026-42934 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ ...)
- - nginx <unfixed>
+ - nginx 1.30.0-4
NOTE: https://my.f5.com/manage/s/article/K000161028
NOTE: https://nginx.org/en/security_advisories.html
NOTE: https://github.com/nginx/nginx/commit/54b7945961b2eaafc480d6b85d9635d0db1c126a (release-1.30.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc3e70c2276d4d49801cd2fc2a28876dbaba4048
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc3e70c2276d4d49801cd2fc2a28876dbaba4048
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260516/750ed888/attachment.htm>
More information about the debian-security-tracker-commits
mailing list