Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 915550 - net-libs/nghttp2: version bump to 1.57.0 for CVE-2023-44487
Summary: net-libs/nghttp2: version bump to 1.57.0 for CVE-2023-44487
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Bernard Cafarelli
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 915554
  Show dependency tree
 
Reported: 2023-10-10 16:08 UTC by Timo Rothenpieler
Modified: 2023-10-11 12:36 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Timo Rothenpieler 2023-10-10 16:08:28 UTC 
nghttp2 just released version 1.57.0 which fixes CVE-2023-44487.

nginx itself is also affected by this, and have pushed a fix to their repo, but no release has been made yet.
Comment 1 Larry the Git Cow gentoo-dev 2023-10-11 12:36:25 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5788abe47326ee17b77c3e6649d980a1215b24a0

commit 5788abe47326ee17b77c3e6649d980a1215b24a0
Author:     Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2023-10-11 12:34:33 +0000
Commit:     Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2023-10-11 12:34:33 +0000

    net-libs/nghttp2: add 1.57.0
    
    Closes: https://bugs.gentoo.org/915550
    Bug: https://bugs.gentoo.org/915554
    Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

 net-libs/nghttp2/Manifest              |  1 +
 net-libs/nghttp2/nghttp2-1.57.0.ebuild | 58 ++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)