-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 22 Apr 2026 20:15:43 +0000 Source: nginx Binary: nginx-common nginx-core nginx-dev nginx-doc nginx-full nginx-light Architecture: all Version: 1.22.1-9+deb12u6 Distribution: bookworm Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Jan Mojžíš Description: nginx-common - small, powerful, scalable web/proxy server - common files nginx-core - nginx web/proxy server (standard version) nginx-dev - nginx web/proxy server - development headers nginx-doc - small, powerful, scalable web/proxy server - documentation nginx-full - nginx web/proxy server (standard version with 3rd parties) nginx-light - nginx web/proxy server (basic version) Changes: nginx (1.22.1-9+deb12u6) bookworm; urgency=medium . * d/conf/*_params: use "$host" instead of "$http_host" * "$http_host" forwards the Host header exactly as supplied by the client and may not match the effective request target (e.g. absolute-form requests with a conflicting Host header) this can expose inconsistent or attacker-controlled host values to backend applications (uwsgi, fastcgi, scgi, proxy) * switch to "$host" as a safer, normalized alternative * note: this changes behaviour, as "$host" does not preserve the client-supplied port; deployments relying on "$http_host" including a port number may be affected * it is workaround for Debian bug #1126960 for stable/oldstable release Checksums-Sha1: b69f88216857aee56446d0d6d97c0e7e097c7858 114056 nginx-common_1.22.1-9+deb12u6_all.deb 6f9c2ab13c8f64df2211a3c6a41efb926dd7cdd1 80576 nginx-core_1.22.1-9+deb12u6_all.deb 607942b9e7b612c7a0527b879559bb60a93947f4 177168 nginx-dev_1.22.1-9+deb12u6_all.deb bc15874663908db8df6a837bec7ee570d865d014 88620 nginx-doc_1.22.1-9+deb12u6_all.deb c50ba99c96321e17295479233bf1dacde85549cf 80640 nginx-full_1.22.1-9+deb12u6_all.deb 78f47131312f922644d8021f22a88a121e32ae8a 80344 nginx-light_1.22.1-9+deb12u6_all.deb 772062a8786e7bd576218f4e15c8528b0f19aed9 10120 nginx_1.22.1-9+deb12u6_all-buildd.buildinfo Checksums-Sha256: 812410af3b0a377b7ac1d0c964e0b0ef7ebcd3bb1585f5bcaa16a45921042718 114056 nginx-common_1.22.1-9+deb12u6_all.deb 6e76b663c5a0ec92fc21e1a5c8aeabdd5aa775c30206d9c3f5e38f3b317d396c 80576 nginx-core_1.22.1-9+deb12u6_all.deb c32b2e6a71f34c37405fd65d7ea4f8478354ba9683a7e75046529e54fce6349c 177168 nginx-dev_1.22.1-9+deb12u6_all.deb 2dac97e89f9a5cc38d8ca202fa4dda364a2d6fd02e0608a283206dc31f8756c0 88620 nginx-doc_1.22.1-9+deb12u6_all.deb a9ca6d68a6dcfa74ead291bca16651eae5f2b51c61fb43f62bb64a772b84738d 80640 nginx-full_1.22.1-9+deb12u6_all.deb 3838e58008cb92404eb4bfb41bffee1cc0ece9ef6c2c661c1f523d600b4fb310 80344 nginx-light_1.22.1-9+deb12u6_all.deb 7704b748f7e18b43ce1d99daabdd1c2709f23d515fc186f1e226551b94a5a10f 10120 nginx_1.22.1-9+deb12u6_all-buildd.buildinfo Files: 2cd9638d0b30b374f06b52f0d3670b7d 114056 httpd optional nginx-common_1.22.1-9+deb12u6_all.deb c722dbd9d302a2ba9833299c458904e0 80576 httpd optional nginx-core_1.22.1-9+deb12u6_all.deb 266170eae058047919e6c9e358c3d949 177168 httpd optional nginx-dev_1.22.1-9+deb12u6_all.deb f0d9d2dff3aa5cd0d841a9c9fd7262f2 88620 doc optional nginx-doc_1.22.1-9+deb12u6_all.deb b4f1d692f115e97017ebd852c261d5e7 80640 httpd optional nginx-full_1.22.1-9+deb12u6_all.deb 5c21250d9d87ac324460948e0f4167d7 80344 httpd optional nginx-light_1.22.1-9+deb12u6_all.deb 1442672c1e7844a0eb3fbcbede6a2c38 10120 httpd optional nginx_1.22.1-9+deb12u6_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmn5g3oACgkQaBVi67oX tfmL9hAAh636kHTLxxpDwS7pR9pkoc9HqrPg6n3cfLe1p92oaQHcDmjlktlBOoYU ktqmGTk11Xq2WybSEaaXh6WJDHFOwKXkmomVaqeb88y9avuIadTKgcTZhl6jNXkm eVMorIhCicTnZmo/tZTlB4rXEJ5bf27K6MMmK/4Y6JwwwZjW7a3Q28+KbGyZHmuX b5SJIF4USVNlGU4Jd9bDrPf9xsmJ3vkplffH7omkgnxNktRJrCynSrc6Cw4DTPWT xwIzmEz0wnGOUTWM/rCoynJ7dz5fpAqff9BFLySwc9xDeNZrcz+MTJo7d5ZZbbnV ttRq5XRJ7TbYdiGFQEif2LR9a5RUI3hFcCocAmyWLxxLmKa+BL8gi1GFWmgZC3Rv kfzj5PUYWjr1AdKXryYd2B/+vsDofMz2smULDxBwdEZCu0+9vj0Bj0AOqlPvYIA0 wa3mv0Axph0dh3HtBlflJYz0MT+2sqN66w4QIsoNZKN3Bw102a6Kbr+37GvXWvW8 ppCvbcB23rN/85DVD7FaL62yp5bPjN1xgybmytPS8NyYH+PUAlRGfDY8nRfNe3KB UOjJFaTR37iGwK57b4ykB4ANviyLRIK/pJmL1VQJlzU3RPXXwYLpoUuFw9wIxuRI ubWbAV6NkSVhQhj07D5x+LK71OA50A4nBhwxCbVclTQqxk7Uq8c= =I6LK -----END PGP SIGNATURE-----