-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 20 Apr 2026 17:52:06 +0000 Source: nginx Binary: nginx-common nginx-core nginx-dev nginx-doc nginx-full nginx-light Architecture: all Version: 1.26.3-3+deb13u4 Distribution: trixie Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Jan Mojžíš Description: nginx-common - small, powerful, scalable web/proxy server - common files nginx-core - nginx web/proxy server (standard version) nginx-dev - nginx web/proxy server - development headers nginx-doc - small, powerful, scalable web/proxy server - documentation nginx-full - nginx web/proxy server (standard version with 3rd parties) nginx-light - nginx web/proxy server (basic version) Changes: nginx (1.26.3-3+deb13u4) trixie; urgency=medium . * d/conf/*_params: use "$host" instead of "$http_host" * "$http_host" forwards the Host header exactly as supplied by the client and may not match the effective request target (e.g. absolute-form requests with a conflicting Host header) this can expose inconsistent or attacker-controlled host values to backend applications (uwsgi, fastcgi, scgi, proxy) * switch to "$host" as a safer, normalized alternative * note: this changes behaviour, as "$host" does not preserve the client-supplied port; deployments relying on "$http_host" including a port number may be affected * it is workaround for Debian bug #1126960 for stable/oldstable release Checksums-Sha1: 9690b621e38d34cd2cf74225d32458b29569c2af 110608 nginx-common_1.26.3-3+deb13u4_all.deb 1da3fe3d11ec846629266dffc490f9138b7dc466 83820 nginx-core_1.26.3-3+deb13u4_all.deb 45b8374fb8911ac1842496076dcb34d514a00090 196700 nginx-dev_1.26.3-3+deb13u4_all.deb 500be9b56def11911382c03de1efc8b94728a53c 91932 nginx-doc_1.26.3-3+deb13u4_all.deb c46a789cf0451327b79a19eee7caa24acaa534a3 83836 nginx-full_1.26.3-3+deb13u4_all.deb 8584e042a5fc48c8c4b3f34cf78fc4f8e6677e25 83588 nginx-light_1.26.3-3+deb13u4_all.deb ff4925720ddc6743cdca2aa7e55118cb883d1b64 9783 nginx_1.26.3-3+deb13u4_all-buildd.buildinfo Checksums-Sha256: 4eebf07947a1399fa4e2afe8b81bdfd4a769e0288946b80aa2f351eedaacea6c 110608 nginx-common_1.26.3-3+deb13u4_all.deb 17a4921e6feef969cd15697b7905d9d02e710d93290eb5b671c11c69634866b2 83820 nginx-core_1.26.3-3+deb13u4_all.deb 21ed97c7f53af829d70cb7acdb38be25b4adae58363eec9f59a93c4409d7a357 196700 nginx-dev_1.26.3-3+deb13u4_all.deb 7a535d3dd1ae4b5778c9cfc874343c1560fee28831f0ac066c52cfa780d0b89e 91932 nginx-doc_1.26.3-3+deb13u4_all.deb 1b33368cd5a60301ddbbed317b3ba1fcc83de4bb512cd61917aeec8440eea4c8 83836 nginx-full_1.26.3-3+deb13u4_all.deb b1c9c7a6e514fed9c933a9a2a6a357c8462f2e3046eee103c61387c40034e05d 83588 nginx-light_1.26.3-3+deb13u4_all.deb db8c7da33f6f1f123f2a5850d7cef1929b52617f55817589f7e81520a0e372d3 9783 nginx_1.26.3-3+deb13u4_all-buildd.buildinfo Files: e102324817cd413544b5560bb45c3672 110608 httpd optional nginx-common_1.26.3-3+deb13u4_all.deb a2505b3347c90de46fbf0f1531d420d7 83820 httpd optional nginx-core_1.26.3-3+deb13u4_all.deb c1d37f6decd853034b48c85b71f06fd8 196700 httpd optional nginx-dev_1.26.3-3+deb13u4_all.deb afb2f4e6ab4d07c664d57fae5b8745c6 91932 doc optional nginx-doc_1.26.3-3+deb13u4_all.deb 7a06eb9074d8e6df5931dff871d536ee 83836 httpd optional nginx-full_1.26.3-3+deb13u4_all.deb 9e525c9451a3ee4b862e10611224dee7 83588 httpd optional nginx-light_1.26.3-3+deb13u4_all.deb fcc1fd86b9f045d3c93f6489c5d8c4cc 9783 httpd optional nginx_1.26.3-3+deb13u4_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmn5Ft0ACgkQaBVi67oX tfkGWg/9FBvGIIrHY+onlyMb/KZzxe7wOhBnWWEXjWQapCHhOlu8UX4j55wyrzhR 3S81QiYkFVArTzQVoe/j/RwzBFNPzbSe68JToaAfykmaFOJb8J4ui+sbKb+4X0Iv 2r2cr46FtuMa40vfS1wY2kHigwuBedAPJzBpUq0QrLCdNgDPxM57CTZm2KMPK1Zh ut04KcsmDvnvyttDk+xwNeuPviobzCn+PN42BaxlSmQj/qCkH6G6Mvb3JHVDeoqY PNQzX0Ap5tKHcxoKGl7NiEonsxo0Li4I8oRDwjYaDLNwhd6E0fjRppHFr2/NLune QdAhzTxpSgG41i1UFsVfYkcDr1SVq5QNG4krqyu1jWMPpzpMydsU90AeLnBjfwAz O07wi9SZwPo7tCR9qscsuzyEPKqqXEXF2HlCSutWhscoBRH0rbeJ9GjIVPGGKYDc evRZ2l6nycPwcJqsG2GDKSTcwLotYYHbAfHH+yoGJjmi0Ycou+p+r+7C9SMQZhsw kzzlEGioU5V0i7a4mI4CKvxnU205gu6Q6B269FNUSIHo2fe3I3cZ4d8J6LT3+FkE SNmX4G53640RfBtRKHHIMMWIk24aXpYk2/HPwVpwlg/oH/Lkkv1FpptgjkWofskj zPHHOYgmNfIo4y0qB3ZamiEFZwn3hvGQMUoz81rANhqyQUdoJSg= =Vq+t -----END PGP SIGNATURE-----