Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.changes > #13670
| Path | csiph.com!weretis.net!feeder8.news.weretis.net!fu-berlin.de!bofh.it!news.nic.it!robomod |
|---|---|
| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
| Newsgroups | linux.debian.changes |
| Subject | Accepted nginx 1.26.3-3+deb13u4 (source) into proposed-updates |
| Date | Mon, 04 May 2026 23:50:01 +0200 |
| Message-ID | <MR9kR-2CAV-3@gated-at.bofh.it> (permalink) |
| X-Mailbox-Line | From debian-changes-request@lists.debian.org Mon May 4 21:47:57 2026 |
| Old-Return-Path | <envelope@ftp-master.debian.org> |
| X-Spam-Flag | NO |
| X-Spam-Score | -110.005 |
| X-Dak | dak process-policy |
| X-Debian | DAK |
| X-Debian-Package | nginx |
| Debian | DAK |
| Debian-Changes | nginx_1.26.3-3+deb13u4_source.changes |
| Debian-Source | nginx |
| Debian-Version | 1.26.3-3+deb13u4 |
| Debian-Architecture | source |
| Debian-Suite | proposed-updates |
| Debian-Archive-Action | accept |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============1758520767591423889==" |
| X-Debian-Message | from DAK |
| Reply-To | debian-devel@lists.debian.org |
| Mail-Followup-To | debian-devel@lists.debian.org |
| X-Mailing-List | <debian-changes@lists.debian.org> archive/latest/18291 |
| List-ID | <debian-changes.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-changes/> |
| List-Archive | https://lists.debian.org/msgid-search/E1wK18l-000000012dR-3udM@fasolo.debian.org |
| Approved | robomod@news.nic.it |
| Lines | 83 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Date | Mon, 04 May 2026 21:47:47 +0000 |
| X-Original-Message-ID | <E1wK18l-000000012dR-3udM@fasolo.debian.org> |
| Xref | csiph.com linux.debian.changes:13670 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 20 Apr 2026 17:52:06 +0000
Source: nginx
Architecture: source
Version: 1.26.3-3+deb13u4
Distribution: trixie
Urgency: medium
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>
Changed-By: Jan Mojžíš <janmojzis@debian.org>
Changes:
nginx (1.26.3-3+deb13u4) trixie; urgency=medium
.
* d/conf/*_params: use "$host" instead of "$http_host"
* "$http_host" forwards the Host header exactly as supplied by the client
and may not match the effective request target (e.g. absolute-form
requests with a conflicting Host header)
this can expose inconsistent or attacker-controlled host values to
backend applications (uwsgi, fastcgi, scgi, proxy)
* switch to "$host" as a safer, normalized alternative
* note: this changes behaviour, as "$host" does not preserve the
client-supplied port; deployments relying on "$http_host" including
a port number may be affected
* it is workaround for Debian bug #1126960 for stable/oldstable release
Checksums-Sha1:
a1f101def71a027baa8409f19c5aeff822b6e15b 3827 nginx_1.26.3-3+deb13u4.dsc
4137e2de89ea09c688a120551770c2547d6de7c0 85516 nginx_1.26.3-3+deb13u4.debian.tar.xz
997c7754dd4f0d799af8072eb420f6b19a7a61fa 8270 nginx_1.26.3-3+deb13u4_source.buildinfo
Checksums-Sha256:
b283718e321ec7ac5bf0e481d649f492878f51ea431bf6ee761606a626b119ad 3827 nginx_1.26.3-3+deb13u4.dsc
92b5de81372aa36eb6c993de7d2f36e829cfeb18806dbf6fdb2fae125cb9f827 85516 nginx_1.26.3-3+deb13u4.debian.tar.xz
e940f37c6bc60fb39297b50f8fc4b4526d9c67c01aee78b1f4df97cd058547c9 8270 nginx_1.26.3-3+deb13u4_source.buildinfo
Files:
ac1d5cd43a29dc2c63bcd831e6827b99 3827 httpd optional nginx_1.26.3-3+deb13u4.dsc
aa41de08add6f90fde73596623938879 85516 httpd optional nginx_1.26.3-3+deb13u4.debian.tar.xz
542dc939372bccc938a5ce7bdaf9e4e9 8270 httpd optional nginx_1.26.3-3+deb13u4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCgAzFiEE0Aiwwj2EeeRrn8uQRdpRdJaTn/kFAmn46EoVHGphbm1vanpp
c0BkZWJpYW4ub3JnAAoJEEXaUXSWk5/54CAP/jyBO1QggbPR8txeb8wzpQTlRbol
Nr0aKGhnOEKThm2O8m5sHIDPF6QAqxtCTQavByVuOzGNsnOM6NmjNmg7/KSIS3r2
mY2A/2TfS//OqXTKbaGzTIbmWIisa8cFGAZKkIndX2Dz8x6lGcO4YzmEJ8iRZWBB
S04T72gckPrBUTpfdxvrJ/iFUmGCUJiPw0YJMYOJNwa9rr/sZal9qXalT7ltyk5o
5BBKRclDEI0+2KjcgD0b7DMWgQhNBCzub3EcakflYGCVd0beCrPPmoOkGpel7h2t
IJjJxAv6i/8TadI02V8yi1Pk2p4w1dQzY1v+D/++FnxkBTiVXRIA8pGG5Wzq5gPk
To1u4QSMymNzPSdBIyq597JqG4G5Kx+/MuyKcTiRf9DMnO5QYdBMLUdaBos8V0y/
2p9iFzbH6AnH4AStIhJDvm0p1T+ZvOLFd+I7Esk9dbEIZiC8FJYzSFaPZUad8Rh7
zCAf279AP07n9aFsVntjshOnYHqrrbHCD/4kzivk4UFfUyppFEJ548K2mZuP4ClE
E/4YYH1A34aHCZBSZNFio8B20BCbWRgyv+PvY4JT477hCTKcdP7jJ1+mIot6XUu7
KaORy9zOrDW/KNdftCgmaSjZHt61HnncBDqhgcnF/tq/R1ooH81HAxvlT/S3zEPK
+kMbX8/7HMuNUauJ
=ee/N
-----END PGP SIGNATURE-----
Back to linux.debian.changes | Previous | Next | Find similar
Accepted nginx 1.26.3-3+deb13u4 (source) into proposed-updates Debian FTP Masters <ftpmaster@ftp-master.debian.org> - 2026-05-04 23:50 +0200
csiph-web