Bug#1095403: ngix: CVE-2025-23419

2025-02-19 Thread Jan Mojzis
bookworm p-u bugreport: "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098353";

Bug#1095403: ngix: CVE-2025-23419

2025-02-19 Thread Jan Mojzis
Hi, > On 18. 2. 2025, at 9:25, Andrej Shadura wrote: > > Hello, > > On Tue, 18 Feb 2025, at 09:14, Jan Mojzis wrote: >> I have independently tested a patch for bookworm nginx (1.22.1-9 version), >> and I got the same result. > > Thank you! > Are you planning to upload a fix for bookworm? Or sh

Bug#1095403: ngix: CVE-2025-23419

2025-02-18 Thread Andrej Shadura
Hello, On Tue, 18 Feb 2025, at 09:14, Jan Mojzis wrote: > I have independently tested a patch for bookworm nginx (1.22.1-9 version), > and I got the same result. Thank you! Are you planning to upload a fix for bookworm? Or should I file the p-u request? > And if I understand correctly, support f

Bug#1095403: ngix: CVE-2025-23419

2025-02-18 Thread Jan Mojzis
Hi, I have independently tested a patch for bookworm nginx (1.22.1-9 version), and I got the same result. The part of the upstream patch that cannot be applied is related to the module `ngx_stream_ssl_module` and `ngx_stream_ssl_servername` function, which is in older version (bullseye/bookworm) d

Bug#1095403: ngix: CVE-2025-23419

2025-02-17 Thread Andrej Shadura
Hi Jan, On Fri, 07 Feb 2025 13:28:18 +0100 Salvatore Bonaccorso wrote: CVE-2025-23419[0]: | When multiple server blocks are configured to share the same IP | address and port, an attacker can use session resumption to bypass | client certificate authentication requirements on these servers. |

Bug#1095403: [Pkg-nginx-maintainers] Bug#1095403: ngix: CVE-2025-23419

2025-02-07 Thread Salvatore Bonaccorso
Source: nginx Source-Version: 1.26.3-1 Hi Jérémy On Fri, Feb 07, 2025 at 01:35:22PM +0100, Jérémy Lal wrote: > Le ven. 7 févr. 2025 à 13:30, Salvatore Bonaccorso a > écrit : > > > Source: nginx > > Version: 1.26.0-3 > > Severity: important > > Tags: security upstream > > X-Debbugs-Cc: car...@de

Bug#1095403: [Pkg-nginx-maintainers] Bug#1095403: ngix: CVE-2025-23419

2025-02-07 Thread Jérémy Lal
Le ven. 7 févr. 2025 à 13:30, Salvatore Bonaccorso a écrit : > Source: nginx > Version: 1.26.0-3 > Severity: important > Tags: security upstream > X-Debbugs-Cc: car...@debian.org, Debian Security Team < > t...@security.debian.org> > Control: found -1 1.22.1-9 > > Hi, > > The following vulnerabili

Bug#1095403: ngix: CVE-2025-23419

2025-02-07 Thread Salvatore Bonaccorso
Source: nginx Version: 1.26.0-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team Control: found -1 1.22.1-9 Hi, The following vulnerability was published for nginx. CVE-2025-23419[0]: | When multiple server blocks are configured to share the same