Summary: | <net-libs/nghttp2-1.57.0: HTTP/2 Rapid Reset vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hans de Graaff <graaff> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | normal | CC: | hanno, voyageur |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 | ||
Whiteboard: | A3 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 915550, 915599 | ||
Bug Blocks: | 915553 |
Description
Hans de Graaff
![]() ![]() The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5788abe47326ee17b77c3e6649d980a1215b24a0 commit 5788abe47326ee17b77c3e6649d980a1215b24a0 Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2023-10-11 12:34:33 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2023-10-11 12:34:33 +0000 net-libs/nghttp2: add 1.57.0 Closes: https://bugs.gentoo.org/915550 Bug: https://bugs.gentoo.org/915554 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> net-libs/nghttp2/Manifest | 1 + net-libs/nghttp2/nghttp2-1.57.0.ebuild | 58 ++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) I am quickly testing bumped version on my server - will open a stable request in a few hours if it looks OK The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=060dd1d5f79e1e19c5577a232d95d6b75f628c70 commit 060dd1d5f79e1e19c5577a232d95d6b75f628c70 Author: Bernard Cafarelli <voyageur@gentoo.org> AuthorDate: 2023-11-30 07:58:50 +0000 Commit: Bernard Cafarelli <voyageur@gentoo.org> CommitDate: 2023-11-30 07:58:50 +0000 net-libs/nghttp2: remove vulnerable versions Bug: https://bugs.gentoo.org/915554 Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org> net-libs/nghttp2/Manifest | 4 -- net-libs/nghttp2/nghttp2-1.51.0-r1.ebuild | 79 ------------------------------- net-libs/nghttp2/nghttp2-1.51.0.ebuild | 76 ----------------------------- net-libs/nghttp2/nghttp2-1.52.0.ebuild | 58 ----------------------- net-libs/nghttp2/nghttp2-9999.ebuild | 1 - 5 files changed, 218 deletions(-) |