UbuntuUpdates.org

Latest Changelogs for all releases

All releases Bionic Focal Jammy Lunar Mantic Noble Precise Trusty Xenial
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesbackportsproposedbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

nghttp2 Apr 26th 00:07
Release: mantic Repo: universe Level: updates New version: 1.55.1-1ubuntu0.2
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.55.1-1ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Wed, 17 Apr 2024 16:45:46 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: mantic Repo: universe Level: security New version: 1.55.1-1ubuntu0.2
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.55.1-1ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Wed, 17 Apr 2024 16:45:46 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: mantic Repo: main Level: updates New version: 1.55.1-1ubuntu0.2
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.55.1-1ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Wed, 17 Apr 2024 16:45:46 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: mantic Repo: main Level: security New version: 1.55.1-1ubuntu0.2
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.55.1-1ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Wed, 17 Apr 2024 16:45:46 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: jammy Repo: universe Level: updates New version: 1.43.0-1ubuntu0.2
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: jammy Repo: universe Level: security New version: 1.43.0-1ubuntu0.2
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

tracker-miners Apr 26th 00:07
Release: jammy Repo: main Level: updates New version: 3.3.3-0ubuntu0.20.04.3
Packages in group:  tracker-extract tracker-miner-fs

  tracker-miners (3.3.3-0ubuntu0.20.04.3) jammy; urgency=medium

  * Allow epoll_create1 call in seccomp whitelist (LP: #1990630)
    - d/p/seccomp-allow-epoll-create1.patch

 -- Talha Can Havadar <email address hidden> Wed, 03 Apr 2024 13:27:56 +0200
1990630 [SRU] tracker-extract-3 crashed with signal 31 in __GI_epoll_create1()

nghttp2 Apr 26th 00:07
Release: jammy Repo: main Level: updates New version: 1.43.0-1ubuntu0.2
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

gce-compute-image-packages Apr 26th 00:07
Release: jammy Repo: main Level: updates New version: 20230808.00-0ubuntu1~22.04.1
Packages in group:  google-compute-engine

  gce-compute-image-packages (20230808.00-0ubuntu1~22.04.1) jammy; urgency=medium

  * debian/99-gce.rules:
    * The previous rule forced an I/O scheduler on all disk types. This
      has now been re-scoped to only affect HDDs.
    * The I/O scheduler has also been changed from "NOOP" to "NONE"
      which performed much better in testing.
    * LP: #2045708.

 -- Chloé 'kajiya' Smith <email address hidden> Tue, 09 Jan 2024 23:19:03 +0000
2045708 [SRU] Improve debian/99-gce.rules to set schedulers based on disk

nghttp2 Apr 26th 00:07
Release: jammy Repo: main Level: security New version: 1.43.0-1ubuntu0.2
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: focal Repo: universe Level: updates New version: 1.40.0-1ubuntu0.3
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: focal Repo: universe Level: security New version: 1.40.0-1ubuntu0.3
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: focal Repo: main Level: updates New version: 1.40.0-1ubuntu0.3
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: focal Repo: main Level: security New version: 1.40.0-1ubuntu0.3
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

google-compute-engine-oslogin Apr 25th 23:07
Release: mantic Repo: main Level: updates New version: 20231004.00-0ubuntu1~23.10.3
Packages in group: 

  google-compute-engine-oslogin (20231004.00-0ubuntu1~23.10.3) mantic; urgency=medium

  * d/control: There must be a dependency on `google-guest-agent`
    to match the (upstream) Google managed d/control file (LP: #2052438)

 -- Chloé 'kajiya' Smith <email address hidden> Tue, 06 Feb 2024 13:18:51 +0000
2052438 Update d/control file with a dependency on google-guest-agent


About   -   Send Feedback to @ubuntu_updates