@mdeslaur I... think you failed to look at the commit date. THAT is a 14 year old (circa 2012) commit that is already in the codebase? Pretty sure that's already present as a prior security update. The diff between 1.30.0 and 1.30.1 for the rewrite module only has that single change to counter the overrun.
Other commits for 1.30.1 dont touch the rewrite module. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2152577 Title: CVE-2026-42945: heap-based buffer overflow in ngx_http_rewrite_module (NGINX Rift) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/2152577/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
