UbuntuUpdates.org

Release natty does not exist.

Latest Changelogs for all releases

All releases Bionic Focal Jammy Lunar Mantic Noble Precise Trusty Xenial
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesbackportsproposedbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

nghttp2 Apr 26th 00:07
Release: mantic Repo: universe Level: updates New version: 1.55.1-1ubuntu0.2
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.55.1-1ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Wed, 17 Apr 2024 16:45:46 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: mantic Repo: universe Level: security New version: 1.55.1-1ubuntu0.2
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.55.1-1ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Wed, 17 Apr 2024 16:45:46 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: mantic Repo: main Level: updates New version: 1.55.1-1ubuntu0.2
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.55.1-1ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Wed, 17 Apr 2024 16:45:46 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: mantic Repo: main Level: security New version: 1.55.1-1ubuntu0.2
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.55.1-1ubuntu0.2) mantic-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Wed, 17 Apr 2024 16:45:46 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: jammy Repo: universe Level: updates New version: 1.43.0-1ubuntu0.2
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: jammy Repo: universe Level: security New version: 1.43.0-1ubuntu0.2
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

tracker-miners Apr 26th 00:07
Release: jammy Repo: main Level: updates New version: 3.3.3-0ubuntu0.20.04.3
Packages in group:  tracker-extract tracker-miner-fs

  tracker-miners (3.3.3-0ubuntu0.20.04.3) jammy; urgency=medium

  * Allow epoll_create1 call in seccomp whitelist (LP: #1990630)
    - d/p/seccomp-allow-epoll-create1.patch

 -- Talha Can Havadar <email address hidden> Wed, 03 Apr 2024 13:27:56 +0200
1990630 [SRU] tracker-extract-3 crashed with signal 31 in __GI_epoll_create1()

nghttp2 Apr 26th 00:07
Release: jammy Repo: main Level: updates New version: 1.43.0-1ubuntu0.2
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

gce-compute-image-packages Apr 26th 00:07
Release: jammy Repo: main Level: updates New version: 20230808.00-0ubuntu1~22.04.1
Packages in group:  google-compute-engine

  gce-compute-image-packages (20230808.00-0ubuntu1~22.04.1) jammy; urgency=medium

  * debian/99-gce.rules:
    * The previous rule forced an I/O scheduler on all disk types. This
      has now been re-scoped to only affect HDDs.
    * The I/O scheduler has also been changed from "NOOP" to "NONE"
      which performed much better in testing.
    * LP: #2045708.

 -- Chloé 'kajiya' Smith <email address hidden> Tue, 09 Jan 2024 23:19:03 +0000
2045708 [SRU] Improve debian/99-gce.rules to set schedulers based on disk

nghttp2 Apr 26th 00:07
Release: jammy Repo: main Level: security New version: 1.43.0-1ubuntu0.2
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.43.0-1ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:14:38 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: focal Repo: universe Level: updates New version: 1.40.0-1ubuntu0.3
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: focal Repo: universe Level: security New version: 1.40.0-1ubuntu0.3
Packages in group:  nghttp2-client nghttp2-proxy nghttp2-server

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: focal Repo: main Level: updates New version: 1.40.0-1ubuntu0.3
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

nghttp2 Apr 26th 00:07
Release: focal Repo: main Level: security New version: 1.40.0-1ubuntu0.3
Packages in group:  libnghttp2-14 libnghttp2-dev libnghttp2-doc

  nghttp2 (1.40.0-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 protocol denial of service
    - debian/patches/CVE-2024-28182-1.patch: Add
      nghttp2_option_set_max_continuations
    - debian/patches/CVE-2024-28182-2.patch: Limit CONTINUATION frames
      following an incoming HEADER frame
    - CVE-2024-28182

 -- Fabian Toepfer <email address hidden> Thu, 18 Apr 2024 09:15:36 +0200
CVE-2024-28182 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbound

google-compute-engine-oslogin Apr 25th 23:07
Release: mantic Repo: main Level: updates New version: 20231004.00-0ubuntu1~23.10.3
Packages in group: 

  google-compute-engine-oslogin (20231004.00-0ubuntu1~23.10.3) mantic; urgency=medium

  * d/control: There must be a dependency on `google-guest-agent`
    to match the (upstream) Google managed d/control file (LP: #2052438)

 -- Chloé 'kajiya' Smith <email address hidden> Tue, 06 Feb 2024 13:18:51 +0000
2052438 Update d/control file with a dependency on google-guest-agent


About   -   Send Feedback to @ubuntu_updates