Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 17 Jun 2026 19:59:30 +0000
From:      Jochen Neumeister <joneum@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: cb3db8256ee1 - main - security/vuxml: add entry for NGINX
Message-ID:  <6a32fca2.36e2a.197c92aa@gitrepo.freebsd.org>

index | next in thread | raw e-mail

The branch main has been updated by joneum:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cb3db8256ee19e03db5209be40fe266cdc9c28ef

commit cb3db8256ee19e03db5209be40fe266cdc9c28ef
Author:     Jochen Neumeister <joneum@FreeBSD.org>
AuthorDate: 2026-06-17 19:58:44 +0000
Commit:     Jochen Neumeister <joneum@FreeBSD.org>
CommitDate: 2026-06-17 19:58:44 +0000

    security/vuxml: add entry for NGINX
    
    Add entry for NGINX
    
    Sponsored by:   Netzkommune GmbH
---
 security/vuxml/vuln/2026.xml | 45 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 9d0df59ef6a3..e4a8081270c8 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,48 @@
+  <vuln vid="08b0c0f6-6a85-11f1-b8e5-3497f65b111b">
+   <topic>nginx -- multiple vulnerabilities</topic>
+   <affects>
+     <package>
+       <name>nginx</name>
+       <range><lt>1.31.2</lt></range>
+     </package>
+   </affects>
+   <description>
+     <body xmlns="http://www.w3.org/1999/xhtml">;
+       <p>The nginx developers report:</p>
+       <p>
+       A use-after-free vulnerability when using HTTP/3 and processing a
+       specially crafted QUIC session may allow memory corruption or a
+       segmentation fault in a worker process (CVE-2026-42530).
+       </p>
+       <p>
+       A heap memory buffer overflow vulnerability when using the
+       "ignore_invalid_headers off;" and "large_client_header_buffers"
+       directives with large configured values while proxying a specially
+       crafted request to an HTTP/2 or gRPC backend may allow memory
+       corruption or a segmentation fault in a worker process
+       (CVE-2026-42055).
+       </p>
+       <p>
+       A heap memory buffer overread vulnerability while handling a
+       specially crafted response with decoding from UTF-8 via the
+       "charset_map" directive may allow limited disclosure of worker
+       process memory or a segmentation fault in a worker process
+       (CVE-2026-48142).
+       </p>
+     </body>
+   </description>
+   <references>
+     <cvename>CVE-2026-42530</cvename>
+     <cvename>CVE-2026-42055</cvename>
+     <cvename>CVE-2026-48142</cvename>
+     <url>https://nginx.org/en/CHANGES</url>;
+   </references>
+   <dates>
+     <discovery>2026-06-17</discovery>
+     <entry>2026-06-17</entry>
+   </dates>
+ </vuln>
+
   <vuln vid="35598415-56de-4562-959c-11fb1fd2d995">
     <topic>jenkins -- multiple vulnerabilities</topic>
     <affects>


home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a32fca2.36e2a.197c92aa>