Format: 1.8
Date: Wed, 15 Apr 2026 16:23:22 +0200
Source: nghttp2
Binary: libnghttp2-14 libnghttp2-14-dbgsym libnghttp2-dev nghttp2-client nghttp2-client-dbgsym nghttp2-proxy nghttp2-proxy-dbgsym nghttp2-server nghttp2-server-dbgsym
Architecture: i386
Version: 1.52.0-1+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Lukas Märdian
Description:
 libnghttp2-14 - library implementing HTTP/2 protocol (shared library)
 libnghttp2-dev - library implementing HTTP/2 protocol (development files)
 nghttp2-client - client implementing HTTP/2 protocol
 nghttp2-proxy - reverse proxy implementing HTTP/2 protocol
 nghttp2-server - server implementing HTTP/2 protocol
Closes: 1131369
Changes:
 nghttp2 (1.52.0-1+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2026-27135 (Closes: #1131369)
     Fix missing iframe->state validations to avoid assertion failure.
   * Add test for CVE-2026-27135 (cherry-picked from upstream c619c7b)