Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset

To: debian-user@lists.debian.org
Subject: Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset
From: Marco Moock <mm@dorfdsl.de>
Date: Tue, 28 Nov 2023 16:50:17 +0100
Message-id: <[🔎] 20231128165017.21de6d57@ryz.home.arpa>
In-reply-to: <[🔎] PR3PR10MB38832F913D9074A2F9B94678E2BCA@PR3PR10MB3883.EURPRD10.PROD.OUTLOOK.COM>
References: <[🔎] PR3PR10MB38832F913D9074A2F9B94678E2BCA@PR3PR10MB3883.EURPRD10.PROD.OUTLOOK.COM>

Am 28.11.2023 um 08:56:28 Uhr schrieb Marold Marcus (DC-AE/ESW1):

> I would like to request an upgrade of the curl package (Linux Ubuntu
> Core 22 / Jammy) to Nghttp2 v1.57.0 because of
> CVE-2023-44487<https://github.com/advisories/GHSA-qppj-fm5r-hxr3>:
> HTTP/2 Rapid Reset.

That is the debian user mailing list, not related to Ubuntu.

Debian has curl 8.4.0 included.

Testing and unstable already have nghttp2 1.58.0.
Stable doesn't.
https://tracker.debian.org/pkg/nghttp2

Contact the maintainers (listed on the left) about that.

Reply to:

References:
- Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset
  - From: "Marold Marcus (DC-AE/ESW1)" <marcus.marold@boschrexroth.de>

Prev by Date: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset
Next by Date: Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset
Previous by thread: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset
Next by thread: Re: Security vulnerability at curl package: CVE-2023-44487: HTTP/2 Rapid Reset
Index(es):
- Date
- Thread