Format: 1.8
Date: Fri, 05 Jun 2026 12:23:48 +0000
Source: nginx
Binary: libnginx-mod-http-geoip libnginx-mod-http-geoip-dbgsym libnginx-mod-http-image-filter libnginx-mod-http-image-filter-dbgsym libnginx-mod-http-perl libnginx-mod-http-perl-dbgsym libnginx-mod-http-xslt-filter libnginx-mod-http-xslt-filter-dbgsym libnginx-mod-mail libnginx-mod-mail-dbgsym libnginx-mod-stream libnginx-mod-stream-dbgsym libnginx-mod-stream-geoip libnginx-mod-stream-geoip-dbgsym nginx nginx-dbgsym nginx-extras
Architecture: amd64
Version: 1.22.1-9+deb12u8
Distribution: bookworm-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Jan Mojžíš
Description:
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-stream - Stream module for Nginx
 libnginx-mod-stream-geoip - GeoIP Stream module for Nginx
 nginx - small, powerful, scalable web/proxy server
 nginx-extras - nginx web/proxy server (extended version)
Changes:
 nginx (1.22.1-9+deb12u8) bookworm-security; urgency=medium
 .
   * Apply both patches to fix CVE-2026-42946. In the previous version,
     only one part of the patch was applied, so the fix was incomplete.
     This really fixes CVE-2026-42946, thanks to charles@debian.org for
     pointing it out.
   * d/p/CVE-2026-42946.patch rename to d/p/CVE-2026-42946.2.patch
   * d/p/CVE-2026-42946.1.patch add
   * backport fix for buffer overflow vulnerability in the
     ngx_http_rewrite_module (CVE-2026-9256) from upstream 1.30.2 nginx.
   * d/p/CVE-2026-9256.patch add
   * backport max_headers directive from upstream nginx. It limits the
     number of request headers accepted from clients. Fixes remote
     denial-of-service exploit.
     And move max_headers from core module to the
     ngx_http_header_count_module to avoid potential ABI breakage and keep
     all the 3rd party modules compatible with the new version of nginx
     without recompilation. A big thanks to Miao Wang for preparing the
     modification. Fixes TEMP-1138794-BADE22.
   * d/p/FIX-HTTP2bomb.patch add