[Git][security-tracker-team/security-tracker][master] nginx DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat May 16 18:28:52 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4390b992 by Moritz Mühlenhoff at 2026-05-16T19:28:04+02:00
nginx DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2103,6 +2103,7 @@ CVE-2026-42946 (A vulnerability exists in the ngx_http_scgi_moduleand ngx_http_u
 	NOTE: https://github.com/nginx/nginx/commit/39d7d0ba0799fcff6baee52b6525f45739593cfd (release-1.30.1)
 CVE-2026-40460 (When NGINX Plus or NGINX Open Source are configured to use the HTTP/3  ...)
 	- nginx 1.30.0-4
+	[trixie] - nginx 1.26.3-3+deb13u5
 	[bookworm] - nginx <not-affected> (Vulnerable code not present, introduced in 1.25.0)
 	[bullseye] - nginx <not-affected> (Vulnerable code not present, introduced in 1.25.0)
 	NOTE: https://my.f5.com/manage/s/article/K000161068


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[16 May 2026] DSA-6278-1 nginx - security update
+	{CVE-2026-40701 CVE-2026-42934 CVE-2026-42945 CVE-2026-42946}
+	[bookworm] - nginx 1.22.1-9+deb12u7
+	[trixie] - nginx 1.26.3-3+deb13u5
 [15 May 2026] DSA-6277-1 openjpeg2 - security update
 	{CVE-2026-6192}
 	[bookworm] - openjpeg2 2.5.0-2+deb12u3


=====================================
data/dsa-needed.txt
=====================================
@@ -62,9 +62,6 @@ netatalk
 --
 netty
 --
-nginx
-  Maintainer is preparing updates
---
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4390b99293ebc3ee7167b05b502188456776a0fe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4390b99293ebc3ee7167b05b502188456776a0fe
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260516/72189342/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list