Univention Bugzilla – Bug 57251
nghttp2: Multiple issues (5.0)
Last modified: 2024-05-08 12:38:03 CEST
New Debian nghttp2 1.36.0-2+deb10u3 fixes:

This update addresses the following issue:

1.36.0-2+deb10u3 (Tue, 30 Apr 2024 18:59:06 +0200)
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2024-28182: An implementation using the nghttp2 library will continue to receive CONTINUATION frames, and will not callback to the application to allow visibility into this information before it resets the stream, resulting in Denial of Service.
* d/libnghttp2-14.symbols: Add missing symbol from the backported upstream fix.
--- mirror/ftp/pool/main/n/nghttp2/nghttp2_1.36.0-2+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-7/source/nghttp2_1.36.0-2+deb10u3.dsc @@ -1,3 +1,13 @@ +1.36.0-2+deb10u3 [Tue, 30 Apr 2024 18:59:06 +0200] Guilhem Moulin <guilhem@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix CVE-2024-28182: An implementation using the nghttp2 library will + continue to receive CONTINUATION frames, and will not callback to the + application to allow visibility into this information before it resets the + stream, resulting in Denial of Service. (Closes: #1068415) + * d/libnghttp2-14.symbols: Add missig symbol from the backported upstream + fix. + 1.36.0-2+deb10u2 [Mon, 16 Oct 2023 13:34:24 +0100] Sean Whitton <spwhitton@spwhitton.name>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-7/#3135585559382814983>
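Review bot: the last bullet of the added 1.36.0-2+deb10u3 entry ("d/libnghttp2-14.symbols: Add missig symbol from the backported upstream fix.") misspells "missing" and does not name the symbol that the backport adds to the library's exported interface. Naming the symbol in the entry would let anyone reviewing this erratum confirm which new interface the CVE-2024-28182 fix introduces, and check whether packages rebuilt against deb10u3 end up with a stricter versioned dependency on libnghttp2-14 than they had with deb10u2.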
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-7] 8133ff20ba Bug #57251: nghttp2 1.36.0-2+deb10u3
 doc/errata/staging/nghttp2.yaml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

[5.0-7] 489a1b8c4c Bug #57251: nghttp2 1.36.0-2+deb10u3
 doc/errata/staging/nghttp2.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1037>