Bug#1112451: trixie-pu: package nginx/1.26.3-3+deb13u1 (fix CVE-2025-53859)

To: Jan Mojzis <janmojzis@debian.org>, 1112451@bugs.debian.org
Subject: Bug#1112451: trixie-pu: package nginx/1.26.3-3+deb13u1 (fix CVE-2025-53859)
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 30 Aug 2025 13:00:44 +0100
Message-id: <[🔎] 916712cd06d3c0b6b0b12a3fc58aaff28389d464.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1112451@bugs.debian.org
In-reply-to: <[🔎] 175647921476.36207.9289003933744578199.reportbug@dev.h.mojzis.com>
References: <[🔎] 175647921476.36207.9289003933744578199.reportbug@dev.h.mojzis.com> <[🔎] 175647921476.36207.9289003933744578199.reportbug@dev.h.mojzis.com>

Control: tags -1 + confirmed

On Fri, 2025-08-29 at 16:53 +0200, Jan Mojzis wrote:
> A security issue was identified in ngx_mail_smtp_module,
> which might allow an attacker to cause buffer over-read,
> potentially resulting in sensitive information leak
> in a HTTP request to the authentication server (CVE-2025-53859).

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1112451: trixie-pu: package nginx/1.26.3-3+deb13u1 (fix CVE-2025-53859)
  - From: Jan Mojzis <janmojzis@debian.org>

Prev by Date: NEW changes in stable-new
Next by Date: Processed: Re: Bug#1112451: trixie-pu: package nginx/1.26.3-3+deb13u1 (fix CVE-2025-53859)
Previous by thread: Processed: trixie-pu: package nginx/1.26.3-3+deb13u1 (fix CVE-2025-53859)
Next by thread: Processed: Re: Bug#1112451: trixie-pu: package nginx/1.26.3-3+deb13u1 (fix CVE-2025-53859)
Index(es):
- Date
- Thread