—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4511-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 01, 2019 https://www.debian.org/security/faq
– ————————————————————————-

Package : nghttp2
CVE ID : CVE-2019-9511 CVE-2019-9513

Two vulnerabilities were discovered in the HTTP/2 code of the nghttp2
HTTP server, which could result in denial of service.

For the oldstable distribution (stretch), these problems have been fixed
in version 1.18.1-1+deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 1.36.0-2+deb10u1.

We recommend that you upgrade your nghttp2 packages.

For the detailed security status of nghttp2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nghttp2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1sMs8ACgkQEMKTtsN8
Tjb8Uw//S/tOXQZwAiYCUe3tC+Uc/Zz3FpbSoC73Edn/zShG5PWuACth3NDbBhZI
Ye7o8jMxvsJ1J/McekMPqT8eD5D+HxrQJAkZzvyquVKhxhgHB4onmqOn6/kMiuFp
sdUhBh+Kyiwr0ix2uph92KxggC+jq65RbvSWFFP0CXQJ2Ua0929JJQfkv76Wk1nD
bWd2Pw0maSiXTagShhWqCkBgZo5swMIx2uHvixlFe75FnERnwu3JhKHL4R90r3dq
rqItD3BDWXa2l8UNjPj7W7Nf01UxZSPl+GCOR+qDX0LDghy1M9GOz9u8qq+argca
foHTJPPibbG3DYsOg5BrQkQE9LiRZmezhG13hkIEN25cKDyZo2gxCZ597MSfjzgf
6VLTFRbd2cLmK0iilXa6OtL3Rm3wTTgSjhZ5wjSgbPddpHnso//AeFpSyCyIIDWL
VHlB44ehulQljfYxH0iLH8cy9MtEDk5zhOh9ziFjnzDtx5JX7l/5D8LLOGHZj67O
TH0VNXYmKvt/x9ROi3G9+1XweYM8rYIwxQlBIVASQtlSfqqYCOX5LjJkSuBQhk8D
nsGr1umNZ8hdDc4dfZQiD/Trwo99/3HuPdmEt5jwfunocygMyv9+yLfB+J3H+AS/
5epPIGh/E96OLBqPwWUryVX3xx8JiEaHvxPFIDLzZyRYSjQaSXo=
=FvKi
—–END PGP SIGNATURE—–