-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 30 Mar 2026 19:10:24 +0000 Source: nginx Architecture: source Version: 1.22.1-9+deb12u5 Distribution: bookworm Urgency: medium Maintainer: Debian Nginx Maintainers Changed-By: Jan Mojžíš Changes: nginx (1.22.1-9+deb12u5) bookworm; urgency=medium . * backport changes from upstream nginx, fixes for buffer overflow vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784, CVE-2026-32647), mail session authentication vulnerabilities (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability in stream (CVE-2026-28755) * d/p/CVE-2026-27651.patch add * d/p/CVE-2026-27654.patch add * d/p/CVE-2026-27784.patch add * d/p/CVE-2026-28753.patch add * d/p/CVE-2026-28755.patch add * d/p/CVE-2026-32647.patch add Checksums-Sha1: f18a5339e87bb0ebf9169135401ee5debc8b5eef 3586 nginx_1.22.1-9+deb12u5.dsc 7ab02b36adee2a20b41faa3c365ca469725dcaaa 78504 nginx_1.22.1-9+deb12u5.debian.tar.xz 15782c8b6a232fee079a2e25a3ef33028841e51b 8684 nginx_1.22.1-9+deb12u5_source.buildinfo Checksums-Sha256: 7c5ce701d19654c6b122d3209457cdf45a6aebcd3d0ca735ee05bbb70e418e6e 3586 nginx_1.22.1-9+deb12u5.dsc 576b44d1f4c6f7d29371fb07dda0f30fee5afa72f6f5723f7dfb270f0178e5a7 78504 nginx_1.22.1-9+deb12u5.debian.tar.xz 3c0e20a83f9e4822b7c2839198fb83da90c06e820d6cef314ac8bbf6a93a2570 8684 nginx_1.22.1-9+deb12u5_source.buildinfo Files: aaf0447daaf61ef91dc9a66f5cfb2d18 3586 httpd optional nginx_1.22.1-9+deb12u5.dsc 4f8f17c348c7a98b5af3a23d4392a13a 78504 httpd optional nginx_1.22.1-9+deb12u5.debian.tar.xz b9a4f8e55813a56a90af0c989723acbc 8684 httpd optional nginx_1.22.1-9+deb12u5_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCgAzFiEE0Aiwwj2EeeRrn8uQRdpRdJaTn/kFAmnRYkMVHGphbm1vanpp c0BkZWJpYW4ub3JnAAoJEEXaUXSWk5/5lmMQAIuE/hgCmO+vfH3e6WPkB49GEL4P VMcn3xYWtVMfsw/Mk6mBsw/gv6efDX4/g5cv/Yjx/3K53L0KLWnBgwcr81CWOz7z QfKZg3E03RGqY6ZqZEGbV8wf9S+h1/cVs9jvl872rQJqrgrBIAOeXRhDf+sMBcAL W/kr+tDrgYIZOo7PZL4ks+1Y6K+1lPdULf1j6wmTaOtMnM6dB1iiUYh0SDo9vQP0 5Oc7uQ3pPIFeSgPK8aMRpUbRfhBC/fMyd2bOdqBUi8DaifB5+5TS/0Tcjd30a9xp iTfnQ2ehA+Ql1sJFn7VAZaUfZbI8NP2RCc0MvqGlPNAtCOQ30MleXasAdm+t0WbY +SzmBPqIw7bwlFO3QiluYmA9MJpsLeaZwdTMpVjr+aS7fLr9hd0PMLaQpOthVXr2 aXtuoFkEaAS++Oei7qjXIQ3bVqteKcj9DlGmnoUBkqQJszYBRdRi1cLDflMMqkpf nsQk9Vv6B3OQo660voWehNWQMNUmR54PD2ncpwh41UzqL7tuiK+8sfGnntUvsS79 eBOQHQnAkh7b14bMu7BvWtlnAHEQgPd9WgHC1Ln696KJ+dPe+w9g4XcyWWsZm/4S yda7hAAmUFuoY5su0XJQE4JTWb0P0dZM+C04s8fmbuybg8cZd8GtQAi/P+4+vYSd 9I2O7LL7YIxrYwNu =xQIR -----END PGP SIGNATURE-----