[Git][security-tracker-team/security-tracker][master] Reserve DLA-4589-1 for nginx

Mon, 18 May 2026 07:03:11 -0700 


Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker 
/ security-tracker


Commits:
682bb9be by Carlos Henrique Lima Melara at 2026-05-18T16:00:13+02:00
Reserve DLA-4589-1 for nginx

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -54484,7 +54484,6 @@ CVE-2026-20056 (A vulnerability in the Dynamic 
Vectoring and Streaming (DVS) Eng
 CVE-2026-1642 (A vulnerability exists in NGINX OSS and NGINX Plus when 
configured to  ...)
        {DSA-6131-1}
        - nginx 1.28.1-3 (bug #1127053)
-       [bullseye] - nginx <postponed> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/02/05/1
        NOTE: https://my.f5.com/manage/s/article/K000159824
        NOTE: Fixed by: 
https://github.com/nginx/nginx/commit/784fa05025cb8cd0c770f99bc79d2794b9f85b6e 
(release-1.28.2)
@@ -121011,7 +121010,6 @@ CVE-2025-53859 (NGINX Open Source and NGINX Plus have 
a vulnerability in the ngx
        - nginx 1.28.0-3 (bug #1111138)
        [trixie] - nginx 1.26.3-3+deb13u1
        [bookworm] - nginx 1.22.1-9+deb12u3
-       [bullseye] - nginx <postponed> (minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2025/08/13/5
        NOTE: https://nginx.org/download/patch.2025.smtp.txt
        NOTE: Fixed by: 
https://github.com/nginx/nginx/commit/765642b86e0df1b5ef37f42522be7d08d95909c9 
(release-1.29.1)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 May 2026] DLA-4589-1 nginx - security update
+       {CVE-2025-53859 CVE-2026-1642 CVE-2026-27651 CVE-2026-27654 
CVE-2026-27784 CVE-2026-28753 CVE-2026-32647 CVE-2026-40701 CVE-2026-42934 
CVE-2026-42945 CVE-2026-42946}
+       [bullseye] - nginx 1.18.0-6.1+deb11u6
 [16 May 2026] DLA-4588-1 linux-6.1 - security update
        {CVE-2026-46333}
        [bullseye] - linux-6.1 6.1.172-1~deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -345,11 +345,6 @@ netty (rouca)
   NOTE: 20260114: fix remaining CVE wait DSA (rouca)
   NOTE: 20200331: release DLA-4519-1 netty. Unfortunatly partial due to new 
CVEs (rouca)
 --
-nginx (charles)
-  NOTE: 20260328: Added by Front-Desk (Beuc)
-  NOTE: 20260328: 6 new CVEs; also follow DSA-6131-1 (1 CVE)
-  NOTE: 20260328: and bookworm 12.12 (1 CVE) (Beuc/front-desk)
---
 node-lodash (utkarsh)
   NOTE: 20260131: Added by Front-Desk (Beuc)
   NOTE: 20260201: this package is pure madness - 290 vendored sources and 
origtars. :)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/682bb9be2474b21948eb10b5de84a17d24fe94c4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/682bb9be2474b21948eb10b5de84a17d24fe94c4
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to