The bug has a great summary [0] for us:

"Recently, a series of DoS attack vulnerabilities have been reported on a broad range of HTTP/2 stacks. Among the vulnerabilities, H2O is exposed to the following:

CVE-2019-9512 (Ping Flood)
CVE-2019-9514 (Reset Flood)
CVE-2019-9515 (Settings Flood)"

[0] https://github.com/h2o/h2o/issues/2090#issue-479463015
@maintainer(s), please bump to 2.2.6!
Note that these issues also applied to other applications, e.g. bug 692152.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e458c40a76090011313d131dd7ad35dca540902e

commit e458c40a76090011313d131dd7ad35dca540902e
Author: Akinori Hattori <hattya@gentoo.org>
AuthorDate: 2020-04-30 13:07:04 +0000
Commit: Akinori Hattori <hattya@gentoo.org>
CommitDate: 2020-04-30 13:07:04 +0000

    www-servers/h2o: drop old

    Bug: https://bugs.gentoo.org/718952
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Akinori Hattori <hattya@gentoo.org>

 www-servers/h2o/Manifest | 1 -
 www-servers/h2o/h2o-2.2.5.ebuild | 106 ---------------------------------------
 2 files changed, 107 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00fbe838b896037e6aec6b8d1dc83003dc7960e0

commit 00fbe838b896037e6aec6b8d1dc83003dc7960e0
Author: Akinori Hattori <hattya@gentoo.org>
AuthorDate: 2020-04-30 13:05:11 +0000
Commit: Akinori Hattori <hattya@gentoo.org>
CommitDate: 2020-04-30 13:05:11 +0000

    www-servers/h2o: amd64/x86 stable

    Bug: https://bugs.gentoo.org/718952
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Akinori Hattori <hattya@gentoo.org>

 www-servers/h2o/h2o-2.2.6.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks!