[Pkg-nginx-maintainers] nginx_1.22.1-9+deb12u5_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Sat Apr 4 20:34:12 BST 2026

Thank you for your contribution to Debian.

Mapping bookworm to oldstable.
Mapping oldstable to oldstable-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Mar 2026 19:10:24 +0000
Source: nginx
Architecture: source
Version: 1.22.1-9+deb12u5
Distribution: bookworm
Urgency: medium
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers at alioth-lists.debian.net>
Changed-By: Jan Mojžíš <janmojzis at debian.org>
Changes:
 nginx (1.22.1-9+deb12u5) bookworm; urgency=medium
 .
   * backport changes from upstream nginx, fixes for buffer overflow
     vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow
     vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647),
     mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753)
     and OCSP result bypass vulnerability in stream (CVE-2026-28755)
     * d/p/CVE-2026-27651.patch add
     * d/p/CVE-2026-27654.patch add
     * d/p/CVE-2026-27784.patch add
     * d/p/CVE-2026-28753.patch add
     * d/p/CVE-2026-28755.patch add
     * d/p/CVE-2026-32647.patch add
Checksums-Sha1:
 f18a5339e87bb0ebf9169135401ee5debc8b5eef 3586 nginx_1.22.1-9+deb12u5.dsc
 7ab02b36adee2a20b41faa3c365ca469725dcaaa 78504 nginx_1.22.1-9+deb12u5.debian.tar.xz
 15782c8b6a232fee079a2e25a3ef33028841e51b 8684 nginx_1.22.1-9+deb12u5_source.buildinfo
Checksums-Sha256:
 7c5ce701d19654c6b122d3209457cdf45a6aebcd3d0ca735ee05bbb70e418e6e 3586 nginx_1.22.1-9+deb12u5.dsc
 576b44d1f4c6f7d29371fb07dda0f30fee5afa72f6f5723f7dfb270f0178e5a7 78504 nginx_1.22.1-9+deb12u5.debian.tar.xz
 3c0e20a83f9e4822b7c2839198fb83da90c06e820d6cef314ac8bbf6a93a2570 8684 nginx_1.22.1-9+deb12u5_source.buildinfo
Files:
 aaf0447daaf61ef91dc9a66f5cfb2d18 3586 httpd optional nginx_1.22.1-9+deb12u5.dsc
 4f8f17c348c7a98b5af3a23d4392a13a 78504 httpd optional nginx_1.22.1-9+deb12u5.debian.tar.xz
 b9a4f8e55813a56a90af0c989723acbc 8684 httpd optional nginx_1.22.1-9+deb12u5_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJJBAEBCgAzFiEE0Aiwwj2EeeRrn8uQRdpRdJaTn/kFAmnRYkMVHGphbm1vanpp
c0BkZWJpYW4ub3JnAAoJEEXaUXSWk5/5lmMQAIuE/hgCmO+vfH3e6WPkB49GEL4P
VMcn3xYWtVMfsw/Mk6mBsw/gv6efDX4/g5cv/Yjx/3K53L0KLWnBgwcr81CWOz7z
QfKZg3E03RGqY6ZqZEGbV8wf9S+h1/cVs9jvl872rQJqrgrBIAOeXRhDf+sMBcAL
W/kr+tDrgYIZOo7PZL4ks+1Y6K+1lPdULf1j6wmTaOtMnM6dB1iiUYh0SDo9vQP0
5Oc7uQ3pPIFeSgPK8aMRpUbRfhBC/fMyd2bOdqBUi8DaifB5+5TS/0Tcjd30a9xp
iTfnQ2ehA+Ql1sJFn7VAZaUfZbI8NP2RCc0MvqGlPNAtCOQ30MleXasAdm+t0WbY
+SzmBPqIw7bwlFO3QiluYmA9MJpsLeaZwdTMpVjr+aS7fLr9hd0PMLaQpOthVXr2
aXtuoFkEaAS++Oei7qjXIQ3bVqteKcj9DlGmnoUBkqQJszYBRdRi1cLDflMMqkpf
nsQk9Vv6B3OQo660voWehNWQMNUmR54PD2ncpwh41UzqL7tuiK+8sfGnntUvsS79
eBOQHQnAkh7b14bMu7BvWtlnAHEQgPd9WgHC1Ln696KJ+dPe+w9g4XcyWWsZm/4S
yda7hAAmUFuoY5su0XJQE4JTWb0P0dZM+C04s8fmbuybg8cZd8GtQAi/P+4+vYSd
9I2O7LL7YIxrYwNu
=xQIR
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-nginx-maintainers/attachments/20260404/5d2a677f/attachment.sig>