From eab77a0da66f15bc5084a2fd0ea1514636cbfe69 Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Wed, 10 Apr 2024 09:48:29 +0200 Subject: [PATCH] CVE-2024-27316 - fix CONTINUATION frames DoS Resolves: RHEL-29823 --- nghttp2.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/nghttp2.spec b/nghttp2.spec index 3d38c70..878e77c 100644 --- a/nghttp2.spec +++ b/nghttp2.spec @@ -1,7 +1,7 @@ Summary: Experimental HTTP/2 client, server and proxy Name: nghttp2 Version: 1.33.0 -Release: 6%{?dist} +Release: 6%{?dist}.1 License: MIT Group: Applications/Internet URL: https://nghttp2.org/ @@ -16,7 +16,7 @@ Patch2: nghttp2-1.33.0-CVE-2020-11080.patch # fix HTTP/2 Rapid Reset (CVE-2023-44487) Patch3: 0003-nghttp2-1.33.0-CVE-2023-44487.patch -# fix CONTINUATION frames DoS (CVE-2024-28182) +# fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316) Patch4: 0004-nghttp2-1.33.0-CVE-2024-28182.patch BuildRequires: automake @@ -135,6 +135,9 @@ make %{?_smp_mflags} check %changelog +* Mon Apr 10 2024 Jan Macku - 1.33.0-6.1 +- fix CONTINUATION frames DoS (CVE-2024-27316) + * Mon Apr 08 2024 Jan Macku - 1.33.0-6 - fix CONTINUATION frames DoS (CVE-2024-28182)
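Review bot: In the hunk at line 16 (the Patch4 comment), CVE-2024-27316 is appended to the comment, but the diffstat lists nghttp2.spec as the only file changed, so this commit adds or alters no patch content. If 0004-nghttp2-1.33.0-CVE-2024-28182.patch already covers this CVE, state that in the commit message and the changelog entry, for example "reference CVE-2024-27316 in the existing CONTINUATION frames fix", so the entry does not read as a new code change.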
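Review bot: In the %changelog hunk, the new entry is dated "Mon Apr 10 2024", but the commit's own Date header reads "Wed, 10 Apr 2024" and the entry directly below is "Mon Apr 08 2024", so the weekday cannot be right. rpmbuild flags a mismatched weekday as a bogus date in %changelog. Change the line to "* Wed Apr 10 2024 Jan Macku - 1.33.0-6.1".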