Format: 1.8
Date: Mon, 30 Mar 2026 17:41:51 +0000
Source: nginx
Architecture: source
Version: 1.26.3-3+deb13u3
Distribution: trixie
Urgency: medium
Maintainer: Debian Nginx Maintainers
Changed-By: Jan Mojžíš
Changes:
 nginx (1.26.3-3+deb13u3) trixie; urgency=medium
 .
   * backport changes from upstream nginx, fixes for buffer overflow
     vulnerability in the ngx_http_dav_module (CVE-2026-27654), buffer
     overflow vulnerabilities in the ngx_http_mp4_module (CVE-2026-27784,
     CVE-2026-32647), mail session authentication vulnerabilities
     (CVE-2026-27651, CVE-2026-28753) and OCSP result bypass vulnerability
     in stream (CVE-2026-28755)
   * d/p/CVE-2026-27651.patch add
   * d/p/CVE-2026-27654.patch add
   * d/p/CVE-2026-27784.patch add
   * d/p/CVE-2026-28753.patch add
   * d/p/CVE-2026-28755.patch add
   * d/p/CVE-2026-32647.patch add
Checksums-Sha1:
 a4e9069ceb2f929627aab5ded9201084428f9ab2 3827 nginx_1.26.3-3+deb13u3.dsc
 19fd64dc80b54fb8c1c1454d0a3bbedc3b95e2ca 84776 nginx_1.26.3-3+deb13u3.debian.tar.xz
 a67ac7a0c47e12196817287cfcfa99f2f3db6ab6 8266 nginx_1.26.3-3+deb13u3_source.buildinfo
Checksums-Sha256:
 11d7a0089369ff09a2513151bf945cfb1d73bd2666fed1d14b9a535f0a836db3 3827 nginx_1.26.3-3+deb13u3.dsc
 7e597d8f7b419a2bb734953a7f3a03060678bb093c47a3462455bc885cde68b7 84776 nginx_1.26.3-3+deb13u3.debian.tar.xz
 dac03d9f5abd6d29c457e203bdd4cb1cf9388151e4b79566b30a159a5d542325 8266 nginx_1.26.3-3+deb13u3_source.buildinfo
Files:
 f1683fe247a23bf2f247895922ff0fda 3827 httpd optional nginx_1.26.3-3+deb13u3.dsc
 6558185383c495ad510b66c1dad1eceb 84776 httpd optional nginx_1.26.3-3+deb13u3.debian.tar.xz
 3dbf0d3fcd74b84ed08c309d0ce15503 8266 httpd optional nginx_1.26.3-3+deb13u3_source.buildinfo