-
nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium
* SECURITY UPDATE: HTTP/2 protocol denial of service
- debian/patches/CVE-2024-28182-1.patch: Add
nghttp2_option_set_max_continuations
- debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
following an incoming HEADER frame
- CVE-2024-28182
-- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
-
nghttp2 (1.40.0-1ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: HTTP/2 protocol denial of service
- debian/patches/CVE-2023-44487.patch: implement stream reset rate
limiting.
- CVE-2023-44487
-- Marc Deslauriers <email address hidden> Wed, 11 Oct 2023 17:39:46 -0400
-
nghttp2 (1.40.0-1ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2020-11080-[1-2].patch: fixed a denial of service,
potentially caused by large SETTINGS frames, in the module
- CVE-2020-11080
-- Amir Naseredini <email address hidden> Wed, 31 May 2023 17:41:38 +0100
-
nghttp2 (1.40.0-1build1) focal; urgency=medium
* No-change rebuild for libgcc-s1 package name change.
-- Matthias Klose <email address hidden> Sun, 22 Mar 2020 16:51:32 +0100
-
nghttp2 (1.40.0-1) unstable; urgency=medium
* New upstream release 1.40.0
-- Tomasz Buchert <email address hidden> Tue, 19 Nov 2019 09:15:49 +0100
-
nghttp2 (1.39.2-1) unstable; urgency=medium
* New upstream release 1.39.2 (Closes: #934762)
-- Tomasz Buchert <email address hidden> Thu, 15 Aug 2019 21:14:38 +0200