Information on source package nghttp2

Available versions

ReleaseVersion
stretch1.18.1-1+deb9u1
buster1.36.0-2+deb10u1
bullseye1.41.0-3
sid1.41.0-3

Open issues

BugstretchbusterbullseyesidDescription
CVE-2018-1000168vulnerable (no DSA)fixedfixedfixednghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Imp ...

Open unimportant issues

BugstretchbusterbullseyesidDescription
TEMP-0000000-A4EF31vulnerablevulnerablevulnerablevulnerableNull pointer access in inflatehd tool

Resolved issues

BugDescription
CVE-2019-9513Some HTTP/2 implementations are vulnerable to resource loops, potentia ...
CVE-2019-9511Some HTTP/2 implementations are vulnerable to window size manipulation ...
CVE-2016-1544nghttp2 before 1.7.1 allows remote attackers to cause a denial of serv ...
CVE-2015-8659The idle stream handling in nghttp2 before 1.6.0 allows attackers to h ...

Security announcements

DSA / DLADescription
DSA-4511-1nghttp2 - security update

Search for package or bug name: Reporting problems