-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:22:02 +0000
Source: nginx
Binary: libnginx-mod-http-geoip libnginx-mod-http-geoip-dbgsym libnginx-mod-http-image-filter libnginx-mod-http-image-filter-dbgsym libnginx-mod-http-perl libnginx-mod-http-perl-dbgsym libnginx-mod-http-xslt-filter libnginx-mod-http-xslt-filter-dbgsym libnginx-mod-mail libnginx-mod-mail-dbgsym libnginx-mod-stream libnginx-mod-stream-dbgsym libnginx-mod-stream-geoip libnginx-mod-stream-geoip-dbgsym nginx nginx-dbgsym nginx-extras
Architecture: amd64
Version: 1.26.3-3+deb13u6
Distribution: trixie-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-csail-01) <buildd_amd64-x86-csail-01@buildd.debian.org>
Changed-By: Jan Mojžíš <janmojzis@debian.org>
Description:
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-stream - Stream module for Nginx
 libnginx-mod-stream-geoip - GeoIP Stream module for Nginx
 nginx      - small, powerful, scalable web/proxy server
 nginx-extras - nginx web/proxy server (extended version)
Changes:
 nginx (1.26.3-3+deb13u6) trixie-security; urgency=medium
 .
   * Apply both patches to fix CVE-2026-42946. In the previous version,
     only one part of the patch was applied, so the fix was incomplete.
     This really fixes CVE-2026-42946, thanks to charles@debian.org for
     pointing it out.
     * d/p/CVE-2026-42946.patch rename to d/p/CVE-2026-42946.2.patch
     * d/p/CVE-2026-42946.1.patch add
   * backport fix for buffer overflow vulnerability in the
     ngx_http_rewrite_module (CVE-2026-9256) from upstream 1.30.2 nginx.
     * d/p/CVE-2026-9256.patch add
   * backport max_headers directive from upstream nginx. It limits the number
     of request headers accepted from clients. Fixes remote denial-of-service
     exploit.
     And move max_headers from core module to the ngx_http_header_count_module
     to avoid potential ABI breakage and keep all the 3rd party modules
     compatible with the new version of nginx without recompilation.
     A big thanks to Miao Wang for preparing the modification.
     Fixes TEMP-1138794-BADE22.
     * d/p/FIX-HTTP2bomb.patch add
Checksums-Sha1:
 7d4243dd72de0e87abf727a872b8de60c6b847c2 38108 libnginx-mod-http-geoip-dbgsym_1.26.3-3+deb13u6_amd64.deb
 17d6fcc8e60f602cdce228ffbb8eae2e3d6596bc 89056 libnginx-mod-http-geoip_1.26.3-3+deb13u6_amd64.deb
 0aa55cd2e1986a3566e70a875fe475ef77626ea0 46404 libnginx-mod-http-image-filter-dbgsym_1.26.3-3+deb13u6_amd64.deb
 28cc8960919244a0a3ec2ef6856e6e4114d02188 92828 libnginx-mod-http-image-filter_1.26.3-3+deb13u6_amd64.deb
 bf3a6e0746a9f20d7ba873e045c50f73460caddf 109628 libnginx-mod-http-perl-dbgsym_1.26.3-3+deb13u6_amd64.deb
 2ff1e479ae3e0b1caf4a79ee355346539144cdad 101260 libnginx-mod-http-perl_1.26.3-3+deb13u6_amd64.deb
 3ac8b21dead0f54fbb8104e48f8e86bf274140a5 54408 libnginx-mod-http-xslt-filter-dbgsym_1.26.3-3+deb13u6_amd64.deb
 74d56500e6183bde32469e86c337ff5b53595839 91276 libnginx-mod-http-xslt-filter_1.26.3-3+deb13u6_amd64.deb
 df348d99f3533383198768ad9b3ff7fb6136f42e 105140 libnginx-mod-mail-dbgsym_1.26.3-3+deb13u6_amd64.deb
 765e76ee52b7187b7298b13eec3b0175478937b5 123080 libnginx-mod-mail_1.26.3-3+deb13u6_amd64.deb
 f82784127aa5c5b86264970f804cde0ce1201cb4 185788 libnginx-mod-stream-dbgsym_1.26.3-3+deb13u6_amd64.deb
 70712aba509a9a2bfa7cc642e850af2efed954da 24020 libnginx-mod-stream-geoip-dbgsym_1.26.3-3+deb13u6_amd64.deb
 5747fb41c1f61125b37061bb99e73ab1935775a8 88264 libnginx-mod-stream-geoip_1.26.3-3+deb13u6_amd64.deb
 e38294e7970a73e931b6855dd065bca626358445 153192 libnginx-mod-stream_1.26.3-3+deb13u6_amd64.deb
 3533fa7ab7617473014be633e371b23a8e6a0bb7 1342592 nginx-dbgsym_1.26.3-3+deb13u6_amd64.deb
 7ec27d3a233aaa2da46f839ca26f0749bad127c6 84488 nginx-extras_1.26.3-3+deb13u6_amd64.deb
 f41357e4c63a1f387d6072c086a78c9130d46264 13951 nginx_1.26.3-3+deb13u6_amd64-buildd.buildinfo
 06fa03eda1b4bd70a8be92a94b9e69b3cafc84ac 611300 nginx_1.26.3-3+deb13u6_amd64.deb
Checksums-Sha256:
 e209a8e8ee5d348441b12eb2e38ed27744d937de32dae9118cb4c505660173f0 38108 libnginx-mod-http-geoip-dbgsym_1.26.3-3+deb13u6_amd64.deb
 6f181b15b95faf00d30e92a7ba5970cd75aa08a1750d46de4c58a3d9f26a1f49 89056 libnginx-mod-http-geoip_1.26.3-3+deb13u6_amd64.deb
 ff9c3b342efa2d22b72385259f4af82ccbf3c4990d1c2bfc3db91524da22f9e8 46404 libnginx-mod-http-image-filter-dbgsym_1.26.3-3+deb13u6_amd64.deb
 5bd0b5141f8c0b840fb0ff5d5c5e63e78cca0901bb5e517d2857c52851f1437d 92828 libnginx-mod-http-image-filter_1.26.3-3+deb13u6_amd64.deb
 46523039cb149cd76defae7818d09c35b9e337a6e4261d2980094961958166ed 109628 libnginx-mod-http-perl-dbgsym_1.26.3-3+deb13u6_amd64.deb
 8a7eb01cdd81e1fdf88619df37228d12fcb50e0a24d81fa3fd9508b1097dc68c 101260 libnginx-mod-http-perl_1.26.3-3+deb13u6_amd64.deb
 b032cf07ac3c87827e6a82e55150a6144f37147b5baa61fcc051e93ba2877076 54408 libnginx-mod-http-xslt-filter-dbgsym_1.26.3-3+deb13u6_amd64.deb
 5e329e64ad1def6dbd6fdfe561ecc5af3589d90b91cadcc161d09b0aceb01605 91276 libnginx-mod-http-xslt-filter_1.26.3-3+deb13u6_amd64.deb
 98b84a94dccebf751cacd538216f6e5caaaeeae666a54b087b5086678ea2a881 105140 libnginx-mod-mail-dbgsym_1.26.3-3+deb13u6_amd64.deb
 a3ee86417e766fee2a9b2b2e5ebf16d933266fc6a067c54d7cd0ee73b2b59298 123080 libnginx-mod-mail_1.26.3-3+deb13u6_amd64.deb
 caa4595fd0e95f7e6b7f24a8dab95cac97f2740095deb2ae520876f0e22d9240 185788 libnginx-mod-stream-dbgsym_1.26.3-3+deb13u6_amd64.deb
 3e990e1dc75bd78a2e18279f6cc8269bab46fc8ab088ac4e9a74da7e5d741632 24020 libnginx-mod-stream-geoip-dbgsym_1.26.3-3+deb13u6_amd64.deb
 8682cee0a04c10b0ddf8683d7d265c222b2158e22abdef174f712b9692b580db 88264 libnginx-mod-stream-geoip_1.26.3-3+deb13u6_amd64.deb
 148b82f098039f5218948345fba77538cefebcc6d72c8ba910f8d444c5f5dcce 153192 libnginx-mod-stream_1.26.3-3+deb13u6_amd64.deb
 56ad0634691b6c4aa71c21c030fbd7556bd90c7ad270e40a4805efad851fc257 1342592 nginx-dbgsym_1.26.3-3+deb13u6_amd64.deb
 93f91a8da023f8e7b7094c98cf00222b6a9bdc501de84924bdf8c5945720fdd2 84488 nginx-extras_1.26.3-3+deb13u6_amd64.deb
 af0f49211a644d0d39c917552c61a591de0e0fb793b84f4b12eb7dd07c8d79c3 13951 nginx_1.26.3-3+deb13u6_amd64-buildd.buildinfo
 16529deebb514f3d39fae37bbb71c60d02f64d1861b1904c52e8ae5dac2b8e2f 611300 nginx_1.26.3-3+deb13u6_amd64.deb
Files:
 b9d4c6430cae336d7f6d90fa2180a83f 38108 debug optional libnginx-mod-http-geoip-dbgsym_1.26.3-3+deb13u6_amd64.deb
 09d92e2ba402133e8c8f18e3da9ec3a9 89056 httpd optional libnginx-mod-http-geoip_1.26.3-3+deb13u6_amd64.deb
 c80442bfcd2b6bd326961e106c924d82 46404 debug optional libnginx-mod-http-image-filter-dbgsym_1.26.3-3+deb13u6_amd64.deb
 12a49a899b276ccfd4fe653d08cd711f 92828 httpd optional libnginx-mod-http-image-filter_1.26.3-3+deb13u6_amd64.deb
 a2a83d7c25ae0e5d05d7e996cf0d36f2 109628 debug optional libnginx-mod-http-perl-dbgsym_1.26.3-3+deb13u6_amd64.deb
 0b0541fae242853e411e59fdb1900783 101260 httpd optional libnginx-mod-http-perl_1.26.3-3+deb13u6_amd64.deb
 d073ea16f2df3ec15dbfdf1b2ae0942d 54408 debug optional libnginx-mod-http-xslt-filter-dbgsym_1.26.3-3+deb13u6_amd64.deb
 0ee48973a5dc6d70092e4a47d09d484b 91276 httpd optional libnginx-mod-http-xslt-filter_1.26.3-3+deb13u6_amd64.deb
 3abc81e03a5aa9747035d0e86959c43f 105140 debug optional libnginx-mod-mail-dbgsym_1.26.3-3+deb13u6_amd64.deb
 f5c55d397b3fd2c74d71d1b8289188b6 123080 httpd optional libnginx-mod-mail_1.26.3-3+deb13u6_amd64.deb
 bd6a0782eb65d6e95f95b22f4caf37ba 185788 debug optional libnginx-mod-stream-dbgsym_1.26.3-3+deb13u6_amd64.deb
 117a6b8381a67924538641fa6c4c4b02 24020 debug optional libnginx-mod-stream-geoip-dbgsym_1.26.3-3+deb13u6_amd64.deb
 d433105f68fcf90764cb181f9ec62566 88264 httpd optional libnginx-mod-stream-geoip_1.26.3-3+deb13u6_amd64.deb
 ec1ee8d84be3e73104abc47055a102b4 153192 httpd optional libnginx-mod-stream_1.26.3-3+deb13u6_amd64.deb
 3c1a608cc48dd12abb7c80a3fceffd5f 1342592 debug optional nginx-dbgsym_1.26.3-3+deb13u6_amd64.deb
 443070ca8a21b6113d70374de2f4ce88 84488 httpd optional nginx-extras_1.26.3-3+deb13u6_amd64.deb
 b1ab39b93f03550019a600fe07a98368 13951 httpd optional nginx_1.26.3-3+deb13u6_amd64-buildd.buildinfo
 9fd65dad14741836fdc3b3cd74059c01 611300 httpd optional nginx_1.26.3-3+deb13u6_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBDWXQb2umOtH4DRpYg9P9sm2dfEFAmokM3YACgkQYg9P9sm2
dfFyTg//YLilF4j5XvUzdOpRqqYkCJ4Mep7SxnZkid7LCJ0rQa2eo1J3RoA0ZJS8
HZCiLzVIp9KcKMtY9pNjdTZLRs0MjzvvzMjn+uholAyYzPDKdthMr9pz9iEA2LLR
ldVtz8+i1wHFdyuFzJQJJvRcavcYaOFxT4GolD60peipkEovKdZqkyzaKNP0KoIh
eZSNL047XuTqopDRXIzhmbPlKRVFuuVCBl0Pd6JPsJTnwan24tQbtASVc2i6g2rs
WQ5RWOoS+9CHzmwuwWAuZ9A23YaLI0WGlpH8gThaLl3nezAHxx2655wJVgeFqwFM
IeElpKmPwvlfnYnBkvOVGyVBrijnjparMsi0FDdzLR49q/b2t0uVkMJaKz1a/wMJ
trF6pFtkGWZAnsCQAJZ/ZPThUHmjbVtx9f5b3dINNRgH3PkFeSPEHLlYeN2FYc7n
v0QsOnvWnE1STwFE6Hop6Z4PRvBMPUMWPGUhD86z2Np5cuAT7MUkJKEolTqdCmJF
pSOXXYoKHiiJqOxwrREM3fuYE2ABj9mbMMCwBaLCZYeU4elHPcSz2tS1A+UKnzBe
DhVKtGgC9K2nYHLDjmm963FVz53nQA1FB/BUKXAadlMyJ+gFHfS7cPNEkOuQ7dM+
6tEPCai7GFD/+H1zy+5BcxCE5eNoYQowtDuAqmhaflOAhh6SRrw=
=CPI0
-----END PGP SIGNATURE-----