DSA-6266-1

NameDSA-6266-1
Descriptionnghttp2 - security update
SourceDebian
ReferencesCVE-2026-27135

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nghttp2 (PTS)bookworm1.52.0-1+deb12u2vulnerable
bookworm (security)1.52.0-1+deb12u3fixed
trixie1.64.0-1.1vulnerable
trixie (security)1.64.0-1.1+deb13u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nghttp2sourcebookworm1.52.0-1+deb12u3
nghttp2sourcetrixie1.64.0-1.1+deb13u1
Search for package or bug name: Reporting problems