Summary: | <net-libs/nghttp2-1.41.0: denial of service via overly large SETTINGS frames (CVE-2020-11080) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jeroen Roovers (RETIRED) <jer> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | polynomial-c |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://nghttp2.org/blog/2020/06/02/nghttp2-v1-41-0/ | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=726836 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
net-libs/nghttp2-1.41.0
|
Runtime testing required: | --- |
Description
Jeroen Roovers (RETIRED)
2020-06-02 20:26:36 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83969940dab82d3e44003f659eaec0a4668bcb45 commit 83969940dab82d3e44003f659eaec0a4668bcb45 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-06-02 20:45:07 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-06-02 20:45:19 +0000 net-libs/nghttp2: Security bump to version 1.41.0 Bug: https://bugs.gentoo.org/726834 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-libs/nghttp2/Manifest | 1 + net-libs/nghttp2/nghttp2-1.41.0.ebuild | 77 ++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) s390 stable x86 stable amd64 stable arm stable ppc stable ppc64 stable sparc stable arm64 stable ---- @maintainer(s), please cleanup ping The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3707631c00f4838f95dcedc2c64c622390a6a888 commit 3707631c00f4838f95dcedc2c64c622390a6a888 Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-06-20 11:21:37 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-06-20 11:21:45 +0000 net-libs/nghttp2: Security cleanup Bug: https://bugs.gentoo.org/726834 Package-Manager: Portage-2.3.101, Repoman-2.3.22 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> net-libs/nghttp2/Manifest | 1 - net-libs/nghttp2/nghttp2-1.40.0.ebuild | 77 ---------------------------------- 2 files changed, 78 deletions(-) Thanka! |