CVE-2024-27316 - fix CONTINUATION frames DoS

Resolves: RHEL-29823
This commit is contained in:
Jan Macku 2024-04-10 09:48:29 +02:00
parent f1a7244f36
commit eab77a0da6

View File

@ -1,7 +1,7 @@
Summary: Experimental HTTP/2 client, server and proxy
Name: nghttp2
Version: 1.33.0
Release: 6%{?dist}
Release: 6%{?dist}.1
License: MIT
Group: Applications/Internet
URL: https://nghttp2.org/
@ -16,7 +16,7 @@ Patch2: nghttp2-1.33.0-CVE-2020-11080.patch
# fix HTTP/2 Rapid Reset (CVE-2023-44487)
Patch3: 0003-nghttp2-1.33.0-CVE-2023-44487.patch
# fix CONTINUATION frames DoS (CVE-2024-28182)
# fix CONTINUATION frames DoS (CVE-2024-28182, CVE-2024-27316)
Patch4: 0004-nghttp2-1.33.0-CVE-2024-28182.patch
BuildRequires: automake
@ -135,6 +135,9 @@ make %{?_smp_mflags} check
%changelog
* Mon Apr 10 2024 Jan Macku <jamacku@redhat.com> - 1.33.0-6.1
- fix CONTINUATION frames DoS (CVE-2024-27316)
* Mon Apr 08 2024 Jan Macku <jamacku@redhat.com> - 1.33.0-6
- fix CONTINUATION frames DoS (CVE-2024-28182)