From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Gyorgy Sarvari <skandigraun@gmail.com>,
Khem Raj <khem.raj@oss.qualcomm.com>,
Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-webserver][whinlatter][PATCH 8/19] nginx: upgrade 1.28.2 -> 1.28.3
Date: Mon, 30 Mar 2026 23:38:35 +1300
Message-ID: <20260330103846.3381644-8-ankur.tyagi85@gmail.com>
In-Reply-To: <20260330103846.3381644-1-ankur.tyagi85@gmail.com>
From: Gyorgy Sarvari <skandigraun@gmail.com>
Changes:
*) Security: a buffer overflow might occur while handling a COPY or MOVE
request in a location with "alias", allowing an attacker to modify
the source or destination path outside of the document root
(CVE-2026-27654).
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module on 32-bit platforms might cause a worker process
crash, or might have potential other impact (CVE-2026-27784).
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module might cause a worker process crash, or might have
potential other impact (CVE-2026-32647).
*) Security: a segmentation fault might occur in a worker process if the
CRAM-MD5 or APOP authentication methods were used and authentication
retry was enabled (CVE-2026-27651).
*) Security: an attacker might use PTR DNS records to inject data in
auth_http requests, as well as in the XCLIENT command in the backend
SMTP connection (CVE-2026-28753).
*) Security: SSL handshake might succeed despite OCSP rejecting a client
certificate in the stream module (CVE-2026-28755).
*) Change: now nginx limits the size and rate of QUIC stateless reset
packets.
*) Bugfix: receiving a QUIC packet by a wrong worker process could cause
the connection to terminate.
*) Bugfix: in the ngx_http_mp4_module.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 34b3d0f4917169c5cd568cdb13796a2d75f1fbf1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
.../recipes-httpd/nginx/{nginx_1.28.2.bb => nginx_1.28.3.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-webserver/recipes-httpd/nginx/{nginx_1.28.2.bb => nginx_1.28.3.bb} (66%)
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb
similarity index 66%
rename from meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb
rename to meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb
index 9699b7189d..9872a6de3b 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.28.2.bb
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.28.3.bb
@@ -2,6 +2,6 @@ require nginx.inc
LIC_FILES_CHKSUM = "file://LICENSE;md5=3dc49537b08b14c8b66ad247bb4c4593"
-SRC_URI[sha256sum] = "20e5e0f2c917acfb51120eec2fba9a4ba4e1e10fd28465067cc87a7d81a829a3"
+SRC_URI[sha256sum] = "2c96a946bfb0882a21744ed429770a2123ae1828c7c48665092993ddee91a918"
CVE_STATUS[CVE-2025-53859] = "cpe-stable-backport: Fix is included in 1.28.1"
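Review bot: the replaced SRC_URI[sha256sum] on the + line is the only thing pinning the 1.28.3 tarball, and the commit message does not say how the new value was obtained. Please confirm it was checked against the upstream release's published signature, not just recomputed from whatever the fetcher downloaded, and say so in the commit message, since this upgrade is being picked up for its security fixes. The unchanged LIC_FILES_CHKSUM context line also asserts that LICENSE is byte-identical between 1.28.2 and 1.28.3; a one-line "License-Update: none" style remark would make that explicit for the stable-branch maintainer.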