I have just uploaded nginx packages that revert the problematic patch for CVE-2026-49975 to the security team ppa here:
https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages Once they have finished building, I will release them as a security regression fix, and will then investigate how to fix CVE-2026-49975 again in a subsequent update. ** Information type changed from Public to Public Security ** CVE added: https://cve.org/CVERecord?id=CVE-2026-49975 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2155992 Title: headers-more dynamic module crash | Signal 11 and 6 Crashes due to ABI breakage on 1.24.0-2ubuntu7.10 and 1.28.3-2ubuntu1.3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libnginx-mod-http-dav-ext/+bug/2155992/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
