-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 17:04:15 +0200
Source: nghttp2
Binary: libnghttp2-14 libnghttp2-14-dbgsym libnghttp2-dev nghttp2-client nghttp2-client-dbgsym nghttp2-proxy nghttp2-proxy-dbgsym nghttp2-server nghttp2-server-dbgsym
Architecture: i386
Version: 1.64.0-1.1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Lukas Märdian <slyon@debian.org>
Description:
 libnghttp2-14 - library implementing HTTP/2 protocol (shared library)
 libnghttp2-dev - library implementing HTTP/2 protocol (development files)
 nghttp2-client - client implementing HTTP/2 protocol
 nghttp2-proxy - reverse proxy implementing HTTP/2 protocol
 nghttp2-server - server implementing HTTP/2 protocol
Closes: 1131369
Changes:
 nghttp2 (1.64.0-1.1+deb13u1) trixie-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2026-27135 (Closes: #1131369)
     Fix missing iframe->state validations to avoid assertion failure.
   * Add test for CVE-2026-27135 (cherry-picked from upstream c619c7b)
Checksums-Sha1:
 ce99a1212af5e8fe8cf11c2adced9fe8bc1b4c10 204196 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 972627371b54525c9904515dc64cb84f5453fa13 84016 libnghttp2-14_1.64.0-1.1+deb13u1_i386.deb
 7145a041be44f57a878da63618d61909336d4209 125688 libnghttp2-dev_1.64.0-1.1+deb13u1_i386.deb
 dddb1b2da9a69481c13c0ee1ece16d9f5635f830 2176256 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 43d2ea57be4aae34344cf60b4e67aebf105e165d 205720 nghttp2-client_1.64.0-1.1+deb13u1_i386.deb
 9dcb5270b3a14a63f96559081da03a30b855147b 6155424 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 beb4c0bf121fded43e6261d162a332e7e9b2510b 461196 nghttp2-proxy_1.64.0-1.1+deb13u1_i386.deb
 85355aea74fe2e4af8f59668d4f51753aa667223 1129388 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 183e253a859b73db0b4f62a7ede4826612ac164d 121056 nghttp2-server_1.64.0-1.1+deb13u1_i386.deb
 a688b69790f75cc23409443abcdb16bac7192cbf 8589 nghttp2_1.64.0-1.1+deb13u1_i386-buildd.buildinfo
Checksums-Sha256:
 131ce360411ac06d35c4275219be457906dd35d756ab26a800b33a710b9944f7 204196 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 18ce615b00c11b21bddf2e008e7651d760a01c18c65fd87acd5ee3b8e4b442cf 84016 libnghttp2-14_1.64.0-1.1+deb13u1_i386.deb
 3cc954669301bfb7adcd6a2338876bf73a00a0bd92088a3d55348d33fdccaa56 125688 libnghttp2-dev_1.64.0-1.1+deb13u1_i386.deb
 cc555d9250c4bf47931d390c3f0d9a19abbf11706d3a73c647fbf36457f3cb36 2176256 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 edfe8bf3ec3128c003ea730e0f23e42204f67cc9e9f150cb231861f722237751 205720 nghttp2-client_1.64.0-1.1+deb13u1_i386.deb
 542162469e4b7bece7620bfc0ade105ca7768056491f40d0eb4af4f7d26ef540 6155424 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 718f8aebb113ebaae256169d0855ec8b46b703ff7ccbd3dcd629ce7f11395b46 461196 nghttp2-proxy_1.64.0-1.1+deb13u1_i386.deb
 f36e63a43abaff3c27dece0e2c883b0d8a71500f583c9af601bff49e293f136f 1129388 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 abd0f8bf2cc7c02ad197cbc9c026f174a602b205ec26dda3ceb7d08ed9372260 121056 nghttp2-server_1.64.0-1.1+deb13u1_i386.deb
 6d6af3329e6d87c06c376039aa1f1847d702866142fa3645af98ea269830e6f1 8589 nghttp2_1.64.0-1.1+deb13u1_i386-buildd.buildinfo
Files:
 93012a797e9fe63e9b2e045da2360fb7 204196 debug optional libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 6f9831edcf5f50bf49612da69576eeb7 84016 libs optional libnghttp2-14_1.64.0-1.1+deb13u1_i386.deb
 ae0633c6b21b67ff8fd2e819e59b597f 125688 libdevel optional libnghttp2-dev_1.64.0-1.1+deb13u1_i386.deb
 6249528e3a69a5a78392b5e6ca0dbd66 2176256 debug optional nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 bda2cbb8904409fab394884953764582 205720 httpd optional nghttp2-client_1.64.0-1.1+deb13u1_i386.deb
 0c33a42f8dbe1b97dbff183b815c2d42 6155424 debug optional nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 723754bfbbd39178c09af83394ecbd24 461196 httpd optional nghttp2-proxy_1.64.0-1.1+deb13u1_i386.deb
 8d90447fd5ce46be61923a0278a43513 1129388 debug optional nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_i386.deb
 c363bfc62681ddcf0ae07aafe09b2fb3 121056 httpd optional nghttp2-server_1.64.0-1.1+deb13u1_i386.deb
 dacb9facecc81423bc8666f27d4df2aa 8589 httpd optional nghttp2_1.64.0-1.1+deb13u1_i386-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7cQ9mRD4+dWjjrb6PkCWRKsh20cFAmoEbrcACgkQPkCWRKsh
20eCiQ//TTBDp8zHO3Kdb8MZ7UiqzPDJ7cySub0Uc2QuDpgnKMgugRfUMTcRb+p4
4UAvyV6A106NZ556nSIfngHF5L+N+PmjEmM+q4i+WWLpD5Kq7GAldNN2XSOGnWsC
E8TsczRag2CGQCebuJrDiyBSkOhdcbo1FmU/TgfsYLxQQ8CveuG+27366nKot4RW
bNCV6BhPaBLB2T9KfwCUhJEqt4w+5leDfLj4KgFOlB5YLXWtva+lNi47JdHDcyyn
Vhs67Qz+81h/pAVW/TCJrPU+4bvTKPg75WKEAeS4X5tsTuyTcKuntdjoRl8j2gNk
ekagLyO0poJpFLdSCptxELyWTtlGQotmXc+HRZ6HEs7phzyCQlIWasiWbDZ/EIfl
LJDN0M5dJ9mKLSW4jgg1Pu2utnJwe4wmAusH0UWEtJjiCfSMHJvYl8Nea1nXcZrS
twlZxZNhYgG5dJQOPSZCmmy9Ra+hQ0R3F/RsPouE+cOOfW1/Iy9mpAcsjDVm2Utk
FRvBAyd4rgdsKXk8P6oWmFVYYTb9RC8/Dkc66gCGUKMLzkKBY3m0sHGTYTRB3FAA
VVB0yIlnEw7I4tWd1Rk8iUFwuSSjx5+PB8f7DxgQf0PY4cNZFiVL6gKFzwpWJIJ1
OMeSl0i986J/ozo+3OkjDwUS/frAy19EpUcpxeBs7wmBqoklKeE=
=GlP8
-----END PGP SIGNATURE-----