-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jun 2026 12:22:02 +0000
Source: nginx
Binary: libnginx-mod-http-geoip libnginx-mod-http-geoip-dbgsym libnginx-mod-http-image-filter libnginx-mod-http-image-filter-dbgsym libnginx-mod-http-perl libnginx-mod-http-perl-dbgsym libnginx-mod-http-xslt-filter libnginx-mod-http-xslt-filter-dbgsym libnginx-mod-mail libnginx-mod-mail-dbgsym libnginx-mod-stream libnginx-mod-stream-dbgsym libnginx-mod-stream-geoip libnginx-mod-stream-geoip-dbgsym nginx nginx-dbgsym nginx-extras
Architecture: riscv64
Version: 1.26.3-3+deb13u6
Distribution: trixie-security
Urgency: medium
Maintainer: riscv64 Build Daemon (rv-osuosl-03) <buildd_riscv64-rv-osuosl-03@buildd.debian.org>
Changed-By: Jan Mojžíš <janmojzis@debian.org>
Description:
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-stream - Stream module for Nginx
 libnginx-mod-stream-geoip - GeoIP Stream module for Nginx
 nginx      - small, powerful, scalable web/proxy server
 nginx-extras - nginx web/proxy server (extended version)
Changes:
 nginx (1.26.3-3+deb13u6) trixie-security; urgency=medium
 .
   * Apply both patches to fix CVE-2026-42946. In the previous version,
     only one part of the patch was applied, so the fix was incomplete.
     This really fixes CVE-2026-42946, thanks to charles@debian.org for
     pointing it out.
     * d/p/CVE-2026-42946.patch rename to d/p/CVE-2026-42946.2.patch
     * d/p/CVE-2026-42946.1.patch add
   * backport fix for buffer overflow vulnerability in the
     ngx_http_rewrite_module (CVE-2026-9256) from upstream 1.30.2 nginx.
     * d/p/CVE-2026-9256.patch add
   * backport max_headers directive from upstream nginx. It limits the number
     of request headers accepted from clients. Fixes remote denial-of-service
     exploit.
     And move max_headers from core module to the ngx_http_header_count_module
     to avoid potential ABI breakage and keep all the 3rd party modules
     compatible with the new version of nginx without recompilation.
     A big thanks to Miao Wang for preparing the modification.
     Fixes TEMP-1138794-BADE22.
     * d/p/FIX-HTTP2bomb.patch add
Checksums-Sha1:
 094913b6663eb8bc6e551e73df9e2aaaf68f8afd 38008 libnginx-mod-http-geoip-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 7b331647fa956e913560e9270cb84a4bd4a99f31 89196 libnginx-mod-http-geoip_1.26.3-3+deb13u6_riscv64.deb
 4fb61103e2fe973b80f09b7540b9d8942adc9ddb 45036 libnginx-mod-http-image-filter-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 502f13c06889389862081d167af6bdb0e4610239 92764 libnginx-mod-http-image-filter_1.26.3-3+deb13u6_riscv64.deb
 10751c5991262c4e1a47e97842afbb653366fda8 106888 libnginx-mod-http-perl-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 7f328c7a0f8f1929f138c92d85ff004ddbf840fd 101188 libnginx-mod-http-perl_1.26.3-3+deb13u6_riscv64.deb
 1e74ee8d35f7852ab9f2be83b21810b2b1a31e4f 53992 libnginx-mod-http-xslt-filter-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 4d6d87fa60963edb32a8b96aef36467a26f6943a 91220 libnginx-mod-http-xslt-filter_1.26.3-3+deb13u6_riscv64.deb
 98f0325721afbe9f94f300fa0f3e37320802421c 103768 libnginx-mod-mail-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 4d1fcf496862c827b365cd94541552accaebc306 124364 libnginx-mod-mail_1.26.3-3+deb13u6_riscv64.deb
 a141a2de187bb6bfec0528af98203a67fc51bf32 183620 libnginx-mod-stream-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 e8f1fc64f090364d6ba981f4c37cbe860dd9f228 24020 libnginx-mod-stream-geoip-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 c1b79b026b0df86943e533d2d4d04f9d8ca44b08 88492 libnginx-mod-stream-geoip_1.26.3-3+deb13u6_riscv64.deb
 62f6b28c66b5c92e7255b94820b8b90d9f7bfb30 155596 libnginx-mod-stream_1.26.3-3+deb13u6_riscv64.deb
 6b76e626dd42d117f247cf368e33b5e69cbee3b2 1315392 nginx-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 bd7b2106904c0606eb1f47d6189db12ad5cd5dbc 84484 nginx-extras_1.26.3-3+deb13u6_riscv64.deb
 f0f155ba165ace9ab8e26a6d0a9f59dd056c2491 13985 nginx_1.26.3-3+deb13u6_riscv64-buildd.buildinfo
 7b2d7eaea9314bad4cfee6b6bc75296658d6d460 630804 nginx_1.26.3-3+deb13u6_riscv64.deb
Checksums-Sha256:
 9603650e6f8314557500345baafd7e1ced72ec27c104d0336a934e17ebfdcacf 38008 libnginx-mod-http-geoip-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 4751e0a586317a3ac4326c185efb0d1b98e4caff22ea510cd3d87393abb6dd67 89196 libnginx-mod-http-geoip_1.26.3-3+deb13u6_riscv64.deb
 f6cd3322a194792e3d7033d8ab2ab4349807fd9d467a154525844dc79f0e66bc 45036 libnginx-mod-http-image-filter-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 9c3763de1d201d8fe90e43eb9c05351e6885eb4aede895f182b9f5aaea497cae 92764 libnginx-mod-http-image-filter_1.26.3-3+deb13u6_riscv64.deb
 af3b48d6dd9c5d7e12f90615b8635b9f4ff5f3199152bbe36bd3b8aaf86765f3 106888 libnginx-mod-http-perl-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 4e2a437789287eb2170d42afc6b7be45faba25033295583ad62ec6d2774e67df 101188 libnginx-mod-http-perl_1.26.3-3+deb13u6_riscv64.deb
 07e167729e69c16de91903e6e6815bbd18095526612e7177e79b3c68efdebe54 53992 libnginx-mod-http-xslt-filter-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 62a40031b30bdd829626fe7fe5f3087dba44fb833252d44c549eaba817f50e09 91220 libnginx-mod-http-xslt-filter_1.26.3-3+deb13u6_riscv64.deb
 da1c0bab1116d3827c5a4d10eef2f74e8b834bbc386f8f834a240efd837851b1 103768 libnginx-mod-mail-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 9cf55900d81c424aab7e4d39751afba45b72b481535831201c5477fb76e2ea43 124364 libnginx-mod-mail_1.26.3-3+deb13u6_riscv64.deb
 27478077ca3ce3c60eb95e206485cc5fd03704e19326717ca7bc53b4802f88b7 183620 libnginx-mod-stream-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 e857e039f7cfe3bc39a8e96a944ca2d973dc0f0a6924efb260a2516f9b888963 24020 libnginx-mod-stream-geoip-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 e14fa532a465abe91f14883a86e1b949a2e50720e337883e5cb869138d4cf43d 88492 libnginx-mod-stream-geoip_1.26.3-3+deb13u6_riscv64.deb
 9b2d03f141368779b0a59f46082180e88ac2052a78788edfd3e195b9fb0b91ce 155596 libnginx-mod-stream_1.26.3-3+deb13u6_riscv64.deb
 6089a48ed80fb02a532b1a583404c0ce11a35b6c3025e6e6f5833d0c883e2eb9 1315392 nginx-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 49d05176e9449b09b4525443452bf19b88ef1bf0c0fcc9791257c4639f4309e6 84484 nginx-extras_1.26.3-3+deb13u6_riscv64.deb
 9b1aa3c1c0372f82f137578a6e81e51f03c8788b2f790a6b92eedf2784c3f4c8 13985 nginx_1.26.3-3+deb13u6_riscv64-buildd.buildinfo
 1b1a4efb2854fa50e42e1be5fd6c5ca4b65265eb0b016fb9c56d570da3e4093e 630804 nginx_1.26.3-3+deb13u6_riscv64.deb
Files:
 3b21f9db4e18a5302a9974610f95ce58 38008 debug optional libnginx-mod-http-geoip-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 fbadfb139e3ea8b2682c22ce6062edd9 89196 httpd optional libnginx-mod-http-geoip_1.26.3-3+deb13u6_riscv64.deb
 7093b25b1228bc8940ff8d4a00776f9c 45036 debug optional libnginx-mod-http-image-filter-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 4aa122bdf6383a630dd800342b70a6b1 92764 httpd optional libnginx-mod-http-image-filter_1.26.3-3+deb13u6_riscv64.deb
 e9de006166eab5ee03ff006949fc39f0 106888 debug optional libnginx-mod-http-perl-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 094d0462f31b510f72354740464d048b 101188 httpd optional libnginx-mod-http-perl_1.26.3-3+deb13u6_riscv64.deb
 7cd508c75d2d196856626c823af67e86 53992 debug optional libnginx-mod-http-xslt-filter-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 5d921670bac8e80a1568be2f95b3eab7 91220 httpd optional libnginx-mod-http-xslt-filter_1.26.3-3+deb13u6_riscv64.deb
 cff0f8f5fa26b2d10d6b12e90e925df2 103768 debug optional libnginx-mod-mail-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 fe1a1e6b8cf0be265d0816b96e67e6a2 124364 httpd optional libnginx-mod-mail_1.26.3-3+deb13u6_riscv64.deb
 b543edf915dd29e4f27ade003d0eb268 183620 debug optional libnginx-mod-stream-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 969558f298fadcfe2a6ceaa0d3afd80f 24020 debug optional libnginx-mod-stream-geoip-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 65e9e4935af0783e02a78c08ad19b8d4 88492 httpd optional libnginx-mod-stream-geoip_1.26.3-3+deb13u6_riscv64.deb
 a0fbe7ec99069743a8d9685f1544cdd2 155596 httpd optional libnginx-mod-stream_1.26.3-3+deb13u6_riscv64.deb
 1b9d9481834a93f32643152126757c4d 1315392 debug optional nginx-dbgsym_1.26.3-3+deb13u6_riscv64.deb
 ade8cee3b41db336b6bbe673d09cbacd 84484 httpd optional nginx-extras_1.26.3-3+deb13u6_riscv64.deb
 55dd16f7e56cf9169f0d8e6d990c2f54 13985 httpd optional nginx_1.26.3-3+deb13u6_riscv64-buildd.buildinfo
 3fffb65fcab21e48a3c4dcad6b9209ce 630804 httpd optional nginx_1.26.3-3+deb13u6_riscv64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEExv8RwtKAmv8J56r/6ETk30hvxtkFAmokPvoACgkQ6ETk30hv
xtmI6w/7BCQRWUmvSyqCn1aTTEkUbY0xbWKx+TMhWxLR7UwZC4EveZYnpGkheb8m
YzFdbpd71YFpNKT/uGlbAVUMLaKocCB9JVg7aaZrHGmgiK6JVH/7vODlWpVll19N
K5dwIoYU5p4wqF0BBgKZnFQIcDlwLS/UhH9aUGv3qPeSyMCLABRq79FHOPwX1IT0
kX6d0n7CyfgiIYjkNuGHC9dQKSALrTTxT79mU0Pl6JN48z1RbZOMe6qUzNin0gwc
FmNSw/G2q8pC2FMF6fcGwpET8xUZjVeLT/H2oypP+FEt00MOGkQx0XOKOVPk/d+T
c0EBnbgbPeqFdzhrTWAJt60y21+26xDQfh+/8jlSEEpvvqOvYUDo1ND89Nv72QGB
9CcPXs3Z3DfNFozG6I464o2OuQMRcZ8X0h1yY3J5Y8vzMCo+Kjd6b0wDEkzKxwA9
tMS2+KTk5EVCTrnnCZwnZb/VEte4gRU4zmDr4l2RhctD06vXNJ9CKKXDH7yNk5Jw
yIb++41TkAVkJslFmQalJnzoxtrVFxmPd+olH0MgSxKwSAEGWsIRMJIr8ExGWXSU
D1N5KD0PVHc/kvpmbQ52sG32slWiARI/5Qzn4G4AenCQZooqHdEWEgOXM5bpsccb
7coUpX9JcqEn/WgSaQRaNP9PTqfL6VhyNgm9ZOd1XsmHvShMh5Y=
=TaT9
-----END PGP SIGNATURE-----