update: nghttp2 #1415

dongsupark · 2024-04-04T07:42:38Z

Name: nghttp2
CVEs: CVE-2024-28182
CVSSs: 5.3
Action Needed: update to >= 1.61.0

Summary: An implementation using the nghttp2 library will continue to receive CONTINUATION frames, and will not callback to the application to allow visibility into this information before it resets the stream, resulting in a DoS.

related: CVE-2023-45288 of Go.

refmap.gentoo: https://bugs.gentoo.org/928541

dongsupark added security security concerns advisory security advisory labels Apr 4, 2024

dongsupark added this to Flatcar tactical, release planning, and roadmap Apr 4, 2024

github-project-automation bot moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap Apr 4, 2024

dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Apr 8, 2024

dongsupark added the cvss/MEDIUM >= 4 && < 7 assessed CVSS label Apr 8, 2024

krnowak mentioned this issue Apr 8, 2024

Weekly portage-stable package updates 2024-04-08 flatcar/scripts#1854

Merged

2 tasks

krnowak closed this as completed in flatcar/scripts#1854 Apr 11, 2024

github-project-automation bot moved this from 🪵Backlog to Implemented in Flatcar tactical, release planning, and roadmap Apr 11, 2024

github-actions bot mentioned this issue Apr 22, 2024

Monthly contributions report 2024-03-22 - 2024-04-21 #1435

Closed

dongsupark removed this from Flatcar tactical, release planning, and roadmap Sep 5, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update: nghttp2 #1415

update: nghttp2 #1415

dongsupark commented Apr 4, 2024 •

edited

Loading

update: nghttp2 #1415

update: nghttp2 #1415

Comments

dongsupark commented Apr 4, 2024 • edited Loading

dongsupark commented Apr 4, 2024 •

edited

Loading