-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Feb 2025 19:43:51 +0100
Source: nginx
Architecture: source
Version: 1.18.0-6.1+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>
Changed-By: Andrej Shadura <andrewsh@debian.org>
Changes:
 nginx (1.18.0-6.1+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Backport upstream patch for CVE-2025-23419.
     Compared to the original patch which fixes the issue in
     http/ngx_http_request and stream/ngx_stream_ssl_module, this backport
     only addresses it in http/ngx_http_request since the other location
     does not exist yet in this source version.
   * Apply upstream patch for CVE-2024-7347.
Checksums-Sha1:
 28fd134747a5ce4ad92d23a7e3cc2b05421384a7 4185 nginx_1.18.0-6.1+deb11u4.dsc
 c689c0505d082057969735fc72c00b19ca5bf3e9 1043116 nginx_1.18.0-6.1+deb11u4.debian.tar.xz
 5ee933f13048f30da151c1fdac003baad378df5c 6010 nginx_1.18.0-6.1+deb11u4_source.buildinfo
Checksums-Sha256:
 9faad3b2a73cf1902ffff8e1e4b3fc24e687d27666964d014d11a06c36b6057c 4185 nginx_1.18.0-6.1+deb11u4.dsc
 c7bb12e95fa7302bd6742c17ddedbaa45c194e8c0156f4bfdcd11b38193e72e5 1043116 nginx_1.18.0-6.1+deb11u4.debian.tar.xz
 a7fcd1c84d973e40bdb6065c57138ac1ff6547b9a544bf3530a0781865d6046b 6010 nginx_1.18.0-6.1+deb11u4_source.buildinfo
Files:
 bf9b864edf1d895e4dd479d936a9e651 4185 httpd optional nginx_1.18.0-6.1+deb11u4.dsc
 fb2a657227647f021817a29d10ae229a 1043116 httpd optional nginx_1.18.0-6.1+deb11u4.debian.tar.xz
 f857a2f258a945d7dbc4c19108491641 6010 httpd optional nginx_1.18.0-6.1+deb11u4_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCZ+JxyQAKCRDoRGtKyMdy
YQ2YAQDvJEqv8ZYr/Wm9NWzhY6hgIZVvBgZ/Aj3PbuXr0jQhbQD+PaIHZ6zMv1Ri
t0lr7PHivbrWAGue44d2v06FKovYUgQ=
=90Ch
-----END PGP SIGNATURE-----