[SECURITY] [DSA 6222-1] ngtcp2 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6222-1] ngtcp2 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 21 Apr 2026 18:29:01 +0000
Message-id: <[🔎] aefB7cVSbHxPASbt@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6222-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 21, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : ngtcp2
CVE ID         : CVE-2026-40170

Zou Dikai discovered a buffer overflow in ngtcp2, a QUIC protocol library.

For the oldstable distribution (bookworm), this problem has been fixed
in version 0.12.1+dfsg-1+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 1.11.0-1+deb13u1.

We recommend that you upgrade your ngtcp2 packages.

For the detailed security status of ngtcp2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ngtcp2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnnwK4ACgkQEMKTtsN8
TjZKqQ/+OvmNLaK/5FI5GvNfJaGtUj3f7I1S3mvxbDytdWy/wmyD97lDym6PJjjK
yhCtJqKssPdHFvmB6ticeelxFKEXHxcB9QhnIwlFNfFyD2ubc2VXZ5qE73QlxLVg
6YmtSniRgyMyL/nXRv1WLnK6WZAvSMPVG+QdPAyLa60PDGVgyYac8slLhTFGUyz2
VUbi8CreTZtrbOVNm0WedKZFnrqnvJfZ/5l/eqgpxeEod1o2jNwhMdZ4+42kmN6c
nraUTKrO0QcfnkXk00AC0BJ6MGZMffCkDyb2qwYZzFTDvjbDZgPXTyT6jYr12re1
uKQ/STEe6ar8vkQFP6RM7PhxNZaCQqn5d7M6o3NzkQm71u5SilqraMUOSLQHUDp0
4ioi5JR2Mh/7VjxKRfjnSGTWRlGm7O3XzqXVSFhk/d22pnF5IYqP1VrHGkce4BGu
tDXlRP8mA/QSiobtyuUK9kuQ7danJvmdvJoRoPwS9cW+LQvEAmb3LhSo2zJVjCC/
BZFUYgy2ZK8+CvyYPK1Kcrx5L1yLbVo12xEKturVbHMxbLIxxMBmnCJZeMLY4gff
uMjGBqtJBeuqYlXfOFabJ8kED+I4U7ZLrLz0q933hBe3gLyZjzdhwe3FccxZlF0C
FCSOs4ProJEDhnUQhq9kdpyee79TWjCGY4nnfwQKpv50Xzs3wiQ=
=x7b6
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6221-1] ntfs-3g security update
Next by Date: [SECURITY] [DSA 6223-1] flatpak security update
Previous by thread: [SECURITY] [DSA 6221-1] ntfs-3g security update
Next by thread: [SECURITY] [DSA 6223-1] flatpak security update
Index(es):
- Date
- Thread