[ubuntu/questing-updates] nghttp2 1.64.0-1.1ubuntu1.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue May 5 17:28:24 UTC 2026
nghttp2 (1.64.0-1.1ubuntu1.1) questing-security; urgency=medium
* SECURITY UPDATE: Denial of service through assertion failure.
- debian/patches/CVE-2026-27135-pre1.patch: Add iframe->state ==
NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.
- debian/patches/CVE-2026-27135-pre2.patch: Add iframe->state ==
NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.
- debian/patches/CVE-2026-27135.patch: Add iframe->state ==
NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.
- debian/patches/CVE-2026-27135-post1.patch: Add iframe->state ==
NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.
- CVE-2026-27135
Date: 2026-04-27 20:24:10.091831+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/nghttp2/1.64.0-1.1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list