Format: 1.8 Date: Thu, 18 Apr 2024 09:15:36 +0200 Source: nghttp2 Binary: libnghttp2-14 libnghttp2-dev nghttp2-client nghttp2-proxy nghttp2-server Architecture: arm64 Version: 1.40.0-1ubuntu0.3 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Fabian Toepfer Description: libnghttp2-14 - library implementing HTTP/2 protocol (shared library) libnghttp2-dev - library implementing HTTP/2 protocol (development files) nghttp2-client - client implementing HTTP/2 protocol nghttp2-proxy - reverse proxy implementing HTTP/2 protocol nghttp2-server - server implementing HTTP/2 protocol Changes: nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium . * SECURITY UPDATE: HTTP/2 protocol denial of service - debian/patches/CVE-2024-28182-1.patch: Add nghttp2_option_set_max_continuations - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames following an incoming HEADER frame - CVE-2024-28182 Checksums-Sha1: 955acc5fe3d184b9fbd483bc3a80ccc9d8cb7a50 186012 libnghttp2-14-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 4466a12ce8c19160a297932c5c8a92e3855c491d 75524 libnghttp2-14_1.40.0-1ubuntu0.3_arm64.deb d3ad8ff4e62b936f63f27443de5eb24ae04431ab 95572 libnghttp2-dev_1.40.0-1ubuntu0.3_arm64.deb 9b81e21ecf7a5f1648e17f770f5f7e8c9b7b6ec6 1849808 nghttp2-client-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 4c050dec49e863ac2d30cf9ff2b66bd1d6fc4d53 140972 nghttp2-client_1.40.0-1ubuntu0.3_arm64.deb 7a5f576310646025429d9e00ca45ddb982b8cb18 5009412 nghttp2-proxy-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 5fe717e42dde590b9fbc7eba58ff9eabb469c05a 333360 nghttp2-proxy_1.40.0-1ubuntu0.3_arm64.deb e47f0f668d86e8dd4f9b9b922c3653456d6dc477 917784 nghttp2-server-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 30114e3d0e6ce47da489e999220876d803b1a664 81932 nghttp2-server_1.40.0-1ubuntu0.3_arm64.deb 34827f4bac804a75a63e54d93b6479fdaaac73e4 8597 nghttp2_1.40.0-1ubuntu0.3_arm64.buildinfo Checksums-Sha256: 62f97fa4bbf34f3ba2d2cbe0b7be92ac3130cd9530bbf4dd512ef0fd5d3aab45 186012 libnghttp2-14-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 6159d358bf9e92855547cb24767377491a9c3d5cbd69eebb7ac7c1f9013453f1 75524 libnghttp2-14_1.40.0-1ubuntu0.3_arm64.deb 0e2e86dfb67ad02b2b04e6c0d7ec3ef241234d1b8b5a510a0cd706e81dfc2f2f 95572 libnghttp2-dev_1.40.0-1ubuntu0.3_arm64.deb c60ac0ba89e67e128ef1bebe958ca9f9f608470f67f6446d56e6b016d4f04333 1849808 nghttp2-client-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 1b612b8a01c4a2034eb1420a8ae62725b44c6f9237f6ec61b52d7ca4f50afc8e 140972 nghttp2-client_1.40.0-1ubuntu0.3_arm64.deb e1977a772dbc6e98309820f9e8324498a98ae4af90203d111095ae22158a4f9c 5009412 nghttp2-proxy-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 91ce497d286a12680a64678d04e2fe06b1cc1f1bb58065fe61c2e72287ec1b0f 333360 nghttp2-proxy_1.40.0-1ubuntu0.3_arm64.deb 27684492e0b04077f66754bd6705a1f489a4efab485c63a2369af5f0bc41fbae 917784 nghttp2-server-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb fb8765b3a9b624e5ad3837310de490b43b65f9f7218f46615c5c29ce105a6aaf 81932 nghttp2-server_1.40.0-1ubuntu0.3_arm64.deb cb6132efe0b52944eeabe47c032f6bf6d818bf70b2657827312386b5d3159ec2 8597 nghttp2_1.40.0-1ubuntu0.3_arm64.buildinfo Files: 6e3b484babc3710ff5b2176b52cd9c06 186012 debug optional libnghttp2-14-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb e70330348856d6ecc2ee84f4102dce67 75524 libs optional libnghttp2-14_1.40.0-1ubuntu0.3_arm64.deb 58d16d84e1bd9a25baa033b3a3453bb2 95572 libdevel optional libnghttp2-dev_1.40.0-1ubuntu0.3_arm64.deb 61ef47694e08bab532747fbf26869048 1849808 debug optional nghttp2-client-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb b4b585c7697a44ac5986192a44e0e51d 140972 httpd optional nghttp2-client_1.40.0-1ubuntu0.3_arm64.deb 60f711dd4e6823c70057857bd5b0b110 5009412 debug optional nghttp2-proxy-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 78e4b40eb6a911432f7d816c8dcdb6b7 333360 httpd optional nghttp2-proxy_1.40.0-1ubuntu0.3_arm64.deb 4b3d1e5938134e5f5bb0cd3d37769001 917784 debug optional nghttp2-server-dbgsym_1.40.0-1ubuntu0.3_arm64.ddeb 088395aa3a0c33a2742a5b6b1e143ab4 81932 httpd optional nghttp2-server_1.40.0-1ubuntu0.3_arm64.deb 9245da7e459656de5632860e065ca8e7 8597 httpd optional nghttp2_1.40.0-1ubuntu0.3_arm64.buildinfo Original-Maintainer: Tomasz Buchert