Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libnginx-mod-js 0.9.9-1 (source) into unstable
Date: Thu, 21 May 2026 12:48:49 +0000
Signed by: Jérémy Lal <kapouer@melix.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 21 May 2026 10:26:11 +0200
Source: libnginx-mod-js
Architecture: source
Version: 0.9.9-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-lists.debian.net>
Changed-By: Jérémy Lal <kapouer@melix.org>
Closes: 1137215
Changes:
 libnginx-mod-js (0.9.9-1) unstable; urgency=medium
 .
   * New upstream version 0.9.9
     CVE-2026-8711: Heap buffer overflow in a worker process when the
     js_fetch_proxy directive value contains nginx variables derived from
     the client request and the location's JS handler invokes ngx.fetch().
     Closes: #1137215.
 .
   [ Miao Wang ]
   * Separate the build directory for the njs CLI tool, to prevent the
     compiled modules from being linked with the .a files of the CLI tool,
     which causes the njs JS engine fails to load.
Checksums-Sha1:
 76f59d8f712d478e24ebf752cb2f147faa332f83 2302 libnginx-mod-js_0.9.9-1.dsc
 8ad35183b5546657c7bb6b9c57c13999b1762983 994416 libnginx-mod-js_0.9.9.orig.tar.gz
 0c1e5dffd60dd4c98760620922bbf55d4dab7d2d 6520 libnginx-mod-js_0.9.9-1.debian.tar.xz
 625351b9ee8d1e8011b89d7920ecfd13faef60e7 10337 libnginx-mod-js_0.9.9-1_source.buildinfo
Checksums-Sha256:
 aca63901e7e76b4b6674786de948d1b99ca72deda7c67c1b8b1de11340e2f37e 2302 libnginx-mod-js_0.9.9-1.dsc
 ac98f680c48b3a00e80e047372d29cd6e7b423eeba26a64e9cbc40a6f8dbee2b 994416 libnginx-mod-js_0.9.9.orig.tar.gz
 dcaf6053035f9bb537e5cc75fa975e5e26300c7fe2c68a7df704a27110576f1f 6520 libnginx-mod-js_0.9.9-1.debian.tar.xz
 960f03c1cd34e63b99e837a853c6d73d1a5023b913835898584ec0fe01684c68 10337 libnginx-mod-js_0.9.9-1_source.buildinfo
Files:
 43649deb220a3f6baa611e7f21e79780 2302 httpd optional libnginx-mod-js_0.9.9-1.dsc
 b88ee93fa47dc23519cc537a7db57e0c 994416 httpd optional libnginx-mod-js_0.9.9.orig.tar.gz
 ec9621afee28538ec6194f2d6153b3df 6520 httpd optional libnginx-mod-js_0.9.9-1.debian.tar.xz
 bc0a2f17d6bc3d191d80ec26999a6d65 10337 httpd optional libnginx-mod-js_0.9.9-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCAAwFiEEA8Tnq7iA9SQwbkgVZhHAXt0583QFAmoO+acSHGthcG91ZXJA
bWVsaXgub3JnAAoJEGYRwF7dOfN0pzwP/3QW5ThsoauS+ua5RdOlxz3qaeE/efoQ
f0aVKeDsKOeSaK6Um5HRlMS0xj63O2mUNB8bXkpSDDpPaRopLjs6A6SL4/ffEOis
6lumc3ygsp+YrWkssUxVnAKfpKmX1yuxSUAtUVlSoNgHAVL8HlIuDTLdVh6V5qrV
mJkhPSxGzQNNkqEInIYeLcyO+Up6TfRTnpGJWzoER2IWzWGQhaf42DpX4I3Wfr4r
3PGy5/1Rlw1USuZltqcm/+ctN7Jq/YTycscSp86kojcts0rF5IvrWSob9TjEsabI
Gw9/1kc1VFZVZit0ZMpJNrlBJ69YBG+D9wSYeNM+LWgNl5/U6uW+2fhCCud1E6UO
v2ByFUX+xCM+osLcRtQ5eFOa3RXh0CrUIP50ArtimXmhzW6SkWdmWeHE2JYEnaB7
hWKwHlc3SjYbgomKLLHT0zZYRyKb8UCGRczDzehJ1PzW4gwYKY42rgpshv6qvZ2D
//dKeWyAj/F4GPP0pWQi2tM/EIvcA5EJOtQLCZsTIh8HrEV4HK8mfWipOb+4DSz0
+sf1KI9dRzkaGkc40/V07cEMzfHHh3fY/hZoWNqF/6MmIqVeki2iRP5LwlJLIFns
1cl0fU+vypJlD2IrOv2bo1mBDfqwVpuqhVakpNHBXGg8WYLoabOnSLJIUzPiaPhF
NQyyVmgQdXIx
=/sUL
-----END PGP SIGNATURE-----
News for package libnginx-mod-js
