Date: Fri, 19 Jun 2026 09:02:33 +0200 From: Jochen Neumeister <joneum@FreeBSD.org> To: Bryan Drewery <bdrewery@FreeBSD.org>, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: Re: git: 14b3a97af857 - main - www/nginx: Update to 1.30.3 Message-ID: <deb19efa-e0ce-431c-bba7-30e0fddd7f4a@FreeBSD.org> In-Reply-To: <bd9f90bd-54fc-442a-b619-a1eb0ba2164f@FreeBSD.org> References: <6a34162b.4502c.a03d686@gitrepo.freebsd.org> <bd9f90bd-54fc-442a-b619-a1eb0ba2164f@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
Am 18.06.26 um 22:22 schrieb Bryan Drewery: > On 6/18/26 9:00 AM, Jochen Neumeister wrote: >> The branch main has been updated by joneum: >> >> URL:https://cgit.FreeBSD.org/ports/commit/? >> id=14b3a97af857aa71cbf1b91921e530b34f440c31 >> >> commit 14b3a97af857aa71cbf1b91921e530b34f440c31 >> Author: Jochen Neumeister<joneum@FreeBSD.org> >> AuthorDate: 2026-06-18 15:59:46 +0000 >> Commit: Jochen Neumeister<joneum@FreeBSD.org> >> CommitDate: 2026-06-18 15:59:46 +0000 >> >> www/nginx: Update to 1.30.3 >> Changes with nginx 1.30.3 >> 17 Jun >> 2026 >> *) Security: a heap memory buffer overflow might occur in a >> worker >> process when using a configuration with >> "ignore_invalid_headers >> off;" >> and "large_client_header_buffers" with large configured >> values >> when >> proxying a specially crafted request to HTTP/2 or gRPC >> backend, >> allowing an attacker to cause worker process memory >> corruption or >> segmentation fault in a worker process (CVE-2026-42055). >> Thanks to Mufeed VH of Winfunc Research. >> *) Security: a heap memory buffer overread might occur in a >> worker >> process while handling a specially sent response with >> decoding >> from >> UTF-8 via the "charset_map" directive, allowing an >> attacker to >> cause >> a limited disclosure of worker proccess memory or >> segmentation >> fault >> in a worker process (CVE-2026-48142). >> Thanks to Han Yan of Xiaomi and p4p3r of CYBERONE. >> Sponsored by: Netzkommune GmbH > > Are you planing to bring this into quarterly? > > > Yeah, that's landing today in Q2 2026 :)home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?deb19efa-e0ce-431c-bba7-30e0fddd7f4a>
