Format: 1.8
Date: Fri, 05 Jun 2026 12:23:48 +0000
Source: nginx
Binary: libnginx-mod-http-geoip libnginx-mod-http-geoip-dbgsym libnginx-mod-http-image-filter libnginx-mod-http-image-filter-dbgsym libnginx-mod-http-perl libnginx-mod-http-perl-dbgsym libnginx-mod-http-xslt-filter libnginx-mod-http-xslt-filter-dbgsym libnginx-mod-mail libnginx-mod-mail-dbgsym libnginx-mod-stream libnginx-mod-stream-dbgsym libnginx-mod-stream-geoip libnginx-mod-stream-geoip-dbgsym nginx nginx-dbgsym nginx-extras
Architecture: i386
Version: 1.22.1-9+deb12u8
Distribution: bookworm-security
Urgency: medium
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Jan Mojžíš
Description:
 libnginx-mod-http-geoip - GeoIP HTTP module for Nginx
 libnginx-mod-http-image-filter - HTTP image filter module for Nginx
 libnginx-mod-http-perl - Perl module for Nginx
 libnginx-mod-http-xslt-filter - XSLT Transformation module for Nginx
 libnginx-mod-mail - Mail module for Nginx
 libnginx-mod-stream - Stream module for Nginx
 libnginx-mod-stream-geoip - GeoIP Stream module for Nginx
 nginx - small, powerful, scalable web/proxy server
 nginx-extras - nginx web/proxy server (extended version)
Changes:
 nginx (1.22.1-9+deb12u8) bookworm-security; urgency=medium
 .
   * Apply both patches to fix CVE-2026-42946. In the previous version, only
     one part of the patch was applied, so the fix was incomplete. This really
     fixes CVE-2026-42946, thanks to charles@debian.org for pointing it out.
     * d/p/CVE-2026-42946.patch rename to d/p/CVE-2026-42946.2.patch
     * d/p/CVE-2026-42946.1.patch add
   * backport fix for buffer overflow vulnerability in the
     ngx_http_rewrite_module (CVE-2026-9256) from upstream 1.30.2 nginx.
     * d/p/CVE-2026-9256.patch add
   * backport max_headers directive from upstream nginx. It limits the number
     of request headers accepted from clients. Fixes remote denial-of-service
     exploit.
     And move max_headers from core module to the ngx_http_header_count_module
     to avoid potential ABI breakage and keep all the 3rd party modules
     compatible with the new version of nginx without recompilation. A big
     thanks to Miao Wang for preparing the modification.
     Fixes TEMP-1138794-BADE22.
     * d/p/FIX-HTTP2bomb.patch add