Date: Wed, 17 Jun 2026 19:59:30 +0000 From: Jochen Neumeister <joneum@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: cb3db8256ee1 - main - security/vuxml: add entry for NGINX Message-ID: <6a32fca2.36e2a.197c92aa@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by joneum: URL: https://cgit.FreeBSD.org/ports/commit/?id=cb3db8256ee19e03db5209be40fe266cdc9c28ef commit cb3db8256ee19e03db5209be40fe266cdc9c28ef Author: Jochen Neumeister <joneum@FreeBSD.org> AuthorDate: 2026-06-17 19:58:44 +0000 Commit: Jochen Neumeister <joneum@FreeBSD.org> CommitDate: 2026-06-17 19:58:44 +0000 security/vuxml: add entry for NGINX Add entry for NGINX Sponsored by: Netzkommune GmbH --- security/vuxml/vuln/2026.xml | 45 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 9d0df59ef6a3..e4a8081270c8 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,48 @@ + <vuln vid="08b0c0f6-6a85-11f1-b8e5-3497f65b111b"> + <topic>nginx -- multiple vulnerabilities</topic> + <affects> + <package> + <name>nginx</name> + <range><lt>1.31.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The nginx developers report:</p> + <p> + A use-after-free vulnerability when using HTTP/3 and processing a + specially crafted QUIC session may allow memory corruption or a + segmentation fault in a worker process (CVE-2026-42530). + </p> + <p> + A heap memory buffer overflow vulnerability when using the + "ignore_invalid_headers off;" and "large_client_header_buffers" + directives with large configured values while proxying a specially + crafted request to an HTTP/2 or gRPC backend may allow memory + corruption or a segmentation fault in a worker process + (CVE-2026-42055). + </p> + <p> + A heap memory buffer overread vulnerability while handling a + specially crafted response with decoding from UTF-8 via the + "charset_map" directive may allow limited disclosure of worker + process memory or a segmentation fault in a worker process + (CVE-2026-48142). + </p> + </body> + </description> + <references> + <cvename>CVE-2026-42530</cvename> + <cvename>CVE-2026-42055</cvename> + <cvename>CVE-2026-48142</cvename> + <url>https://nginx.org/en/CHANGES</url> + </references> + <dates> + <discovery>2026-06-17</discovery> + <entry>2026-06-17</entry> + </dates> + </vuln> + <vuln vid="35598415-56de-4562-959c-11fb1fd2d995"> <topic>jenkins -- multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a32fca2.36e2a.197c92aa>
