-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 May 2026 14:13:33 +0000
Source: nginx
Architecture: source
Version: 1.26.3-3+deb13u5
Distribution: trixie-security
Urgency: medium
Maintainer: Debian Nginx Maintainers
Changed-By: Jan Mojžíš
Changes:
 nginx (1.26.3-3+deb13u5) trixie-security; urgency=medium
 .
   * backport changes from upstream nginx, HTTP/3 address spoofing
     (CVE-2026-40460), buffer overflow in the ngx_http_rewrite_module
     (CVE-2026-42945), buffer overread in the ngx_http_scgi_module and
     ngx_http_uwsgi_module (CVE-2026-42946), resolver use-after-free in
     OCSP (CVE-2026-40701), buffer overread in the
     ngx_http_charset_module (CVE-2026-42934)
   * d/p/CVE-2026-40460.patch add
   * d/p/CVE-2026-42945.patch add
   * d/p/CVE-2026-42946.patch add
   * d/p/CVE-2026-40701.patch add
   * d/p/CVE-2026-42934.patch add

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----