-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 17:04:15 +0200
Source: nghttp2
Binary: libnghttp2-14 libnghttp2-14-dbgsym libnghttp2-dev nghttp2-client nghttp2-client-dbgsym nghttp2-proxy nghttp2-proxy-dbgsym nghttp2-server nghttp2-server-dbgsym
Architecture: riscv64
Version: 1.64.0-1.1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: riscv64 Build Daemon (rv-osuosl-02) <buildd_riscv64-rv-osuosl-02@buildd.debian.org>
Changed-By: Lukas Märdian <slyon@debian.org>
Description:
 libnghttp2-14 - library implementing HTTP/2 protocol (shared library)
 libnghttp2-dev - library implementing HTTP/2 protocol (development files)
 nghttp2-client - client implementing HTTP/2 protocol
 nghttp2-proxy - reverse proxy implementing HTTP/2 protocol
 nghttp2-server - server implementing HTTP/2 protocol
Closes: 1131369
Changes:
 nghttp2 (1.64.0-1.1+deb13u1) trixie-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2026-27135 (Closes: #1131369)
     Fix missing iframe->state validations to avoid assertion failure.
   * Add test for CVE-2026-27135 (cherry-picked from upstream c619c7b)
Checksums-Sha1:
 19081ee8566e4bf15ac950d34d52618035090f0f 218308 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 fe85d564c4284f9c8cf09eb914bf6be576afdcb6 78040 libnghttp2-14_1.64.0-1.1+deb13u1_riscv64.deb
 06ff61657e8722659ec53760b18e58277e9de62f 219368 libnghttp2-dev_1.64.0-1.1+deb13u1_riscv64.deb
 8feae070cec61722252f298c15b61ddfca9b1e80 1737408 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 04e4f716e9d20def9bfa4429036ace4f78af7fdf 188212 nghttp2-client_1.64.0-1.1+deb13u1_riscv64.deb
 c59fb823d0a588ffe1b04b7117577047d80dff4f 5327428 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 37da7278ad0c51d00277d18cd3a20d14fd80a291 429680 nghttp2-proxy_1.64.0-1.1+deb13u1_riscv64.deb
 9556a707f637619f50fd416fd6e53da929b81e06 916016 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 f482784f7d884f3758f5609a1fcb342976f3824d 111788 nghttp2-server_1.64.0-1.1+deb13u1_riscv64.deb
 a44999ccceb9b0ce6f7aa021c39d702c74126dda 8692 nghttp2_1.64.0-1.1+deb13u1_riscv64-buildd.buildinfo
Checksums-Sha256:
 4b75d817a4832b996701d270dc0409b5ea365019ef7ee7202c2b75018eac2163 218308 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 efbe798cb70b396ac8a5561d808948feaaab23fa47e4298e7833cee18eb4e394 78040 libnghttp2-14_1.64.0-1.1+deb13u1_riscv64.deb
 232dc948af83f42234171e4582867a7dee7d64acb8189d203604cdc6f92f3a2f 219368 libnghttp2-dev_1.64.0-1.1+deb13u1_riscv64.deb
 4fb12e166d8377a92212452980c86a9c2bb2f17ec07fa80b8fd3bf54664fdf2f 1737408 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 d1cf2892176bb193380fff3f05dcc54eae02123816ff683fdf14e4bcc7e15d3e 188212 nghttp2-client_1.64.0-1.1+deb13u1_riscv64.deb
 6ebf29ac493e52fc7cec4031e0e7ee44a3d102291ac1622f5ff33138b6da1797 5327428 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 f565f81cb8f369aa5609e10975babe7b2f7353f4b6aa046e0b871c3882a61f8a 429680 nghttp2-proxy_1.64.0-1.1+deb13u1_riscv64.deb
 c9bb32251df679dbc3f89e18467b73aeeae039681b004ee26e17e55fbddfbb09 916016 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 4233f637c2beced1475a2ef9f08ca667ab6e105b507f2b6afc0e5c044c0f3d12 111788 nghttp2-server_1.64.0-1.1+deb13u1_riscv64.deb
 a5e86fc66bbb2493cd4be598c0c449c9ad4ba77fe38ef5064e9ae1c42d6720fa 8692 nghttp2_1.64.0-1.1+deb13u1_riscv64-buildd.buildinfo
Files:
 d0be196073b1cd9c0ce493730365e37d 218308 debug optional libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 e03d848a5a01d8edd7b5911bf0fdacad 78040 libs optional libnghttp2-14_1.64.0-1.1+deb13u1_riscv64.deb
 7544ca62db8a19078fa73f5db740199a 219368 libdevel optional libnghttp2-dev_1.64.0-1.1+deb13u1_riscv64.deb
 9411d215c8bb616b8089029a7fc19f46 1737408 debug optional nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 84eb410026ba7202266f6faaa2626955 188212 httpd optional nghttp2-client_1.64.0-1.1+deb13u1_riscv64.deb
 09ec462febad871dbcf3c15118663383 5327428 debug optional nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 28b22ac15f037b9eef30c61b14eec596 429680 httpd optional nghttp2-proxy_1.64.0-1.1+deb13u1_riscv64.deb
 7b120994a67898c1e56154ce569f66f2 916016 debug optional nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_riscv64.deb
 4e374bad6f2b0242689cc6b402ba807d 111788 httpd optional nghttp2-server_1.64.0-1.1+deb13u1_riscv64.deb
 08f186dee8ab5172218ef4d310be146f 8692 httpd optional nghttp2_1.64.0-1.1+deb13u1_riscv64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/AxPdLOtOshqz3vw/Fc5EAGpa+sFAmoEdO0ACgkQ/Fc5EAGp
a+tDIg//RLS9n38CpdpYAirgDmFet7iXMBGZWCpF2BU911OE4jwpvn2M08bagGsw
7+t7Cpp8Ul25BEfpdkidzFITFczY3TjT2OlCcuJc+2QUnJSMt5Z5fXgjTACC7/X+
kqUOHTE6vBEX03xR4TjOCpIhMYDLsI0PM5GPCH1EXKYay/vha/1H/B+WgmqBSazM
KnUyDBoessnYpF3bar9FMl6JfiTLCwIg8UwOQpr1x5qtP6rYlY8P0I7yDxcJnLxJ
Z25gGJ1rAojgxcGyGV/TqC657UC3DKbdNsKrY2+ZgUctFr2y+bSrYC3/35aA72Cr
9BwqcRhHSy6jC3nS5TMF6r7N0ZP0AUeGewzzlRX4ZP8Hc6u7apNda6lwy7YDTB0y
VlNouOq+6kk9RLNyHnGqwMToHJBc1Obh7sED35TjMgFH6AgUJcsXYVGRJj29y8Qb
5owjTWCHulap7W+9ZkAkUsmk+ehITBbj57q560PSo7u8XMhx0X/7jCzKWKePh5vT
vzDj0f2gAOdNIdfn1wTG7jrJnqX6QWBaM381repaMCE7lUwSRSYUYZH9m+7Hurlb
8dIbnTPZL7ZELmPXy5ozrdE1q/FcjhwgifzFlSXGCrbSYZdDM41gvQ4qpnGB1wSk
aYdh1ILcjBAVyhPqpywwIhenEgevLdQri/76RlOpsz3Z2Q5AtF4=
=vnvb
-----END PGP SIGNATURE-----