-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 17:04:15 +0200
Source: nghttp2
Binary: libnghttp2-14 libnghttp2-14-dbgsym libnghttp2-dev nghttp2-client nghttp2-client-dbgsym nghttp2-proxy nghttp2-proxy-dbgsym nghttp2-server nghttp2-server-dbgsym
Architecture: s390x
Version: 1.64.0-1.1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: s390x Build Daemon (zani) <buildd_s390x-zani@buildd.debian.org>
Changed-By: Lukas Märdian <slyon@debian.org>
Description:
 libnghttp2-14 - library implementing HTTP/2 protocol (shared library)
 libnghttp2-dev - library implementing HTTP/2 protocol (development files)
 nghttp2-client - client implementing HTTP/2 protocol
 nghttp2-proxy - reverse proxy implementing HTTP/2 protocol
 nghttp2-server - server implementing HTTP/2 protocol
Closes: 1131369
Changes:
 nghttp2 (1.64.0-1.1+deb13u1) trixie-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2026-27135 (Closes: #1131369)
     Fix missing iframe->state validations to avoid assertion failure.
   * Add test for CVE-2026-27135 (cherry-picked from upstream c619c7b)
Checksums-Sha1:
 09d6542ee714842ca5f0125dae88ed040b5ecfec 228108 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 2adbcb5bddb6c530beb9fc16a7635e7b7e67362f 73876 libnghttp2-14_1.64.0-1.1+deb13u1_s390x.deb
 c4d9edd10ea03e7af334bc4de7bd24077febf931 113688 libnghttp2-dev_1.64.0-1.1+deb13u1_s390x.deb
 914de93f3c8ed63a5fd931b8d136c65ca4202d69 2127396 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 886cb0466f4bd5f67b8df3e0263c440ff1d199c8 188024 nghttp2-client_1.64.0-1.1+deb13u1_s390x.deb
 7a151483a582b21546dfd626e0684e65ab7dcef8 6280708 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 0a4a1bb73738b72d919bccf3bb2943ed9dd06c6f 426640 nghttp2-proxy_1.64.0-1.1+deb13u1_s390x.deb
 23b23915b8198febc0810457e3cb9fd93706c714 1152692 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 e7562674b472ad8f2511ee0fbea84cfbfc4b7403 113308 nghttp2-server_1.64.0-1.1+deb13u1_s390x.deb
 49f7a5dc1899c0caaec70d137cf283c5108e80cc 8571 nghttp2_1.64.0-1.1+deb13u1_s390x-buildd.buildinfo
Checksums-Sha256:
 a2ff5ced7c5770b717227ecc350e9b5ed567bef96f5c516fb84eda3b9cc1a7a2 228108 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 a53c7adb9a8b89e766fcb6e51dbaa08e39bfde3576be2b5b185edbf3e2a67a50 73876 libnghttp2-14_1.64.0-1.1+deb13u1_s390x.deb
 21e8e7b18d1bef5f68236a014b5c2556d955784fa4f65ba53da2cca3ccfd5d63 113688 libnghttp2-dev_1.64.0-1.1+deb13u1_s390x.deb
 a8ae8577b2f76a609945bdf4791f221f749310ccc5f4c1cb1b89d219518b69e9 2127396 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 2f54acfacdefb38a875367992dce6066320a8f1631def646d9b00298c3b06949 188024 nghttp2-client_1.64.0-1.1+deb13u1_s390x.deb
 ae94332493a781597d5849167351225d035ccc8dcad37c9ce74b8973d7be1771 6280708 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 df78b0114ced2da23541d61b8748cf9f429010b116cea3f18cc49bde107835d1 426640 nghttp2-proxy_1.64.0-1.1+deb13u1_s390x.deb
 bad322e9108555e4450a34f7b6da33c35a809ba80daefbab3a75b40b31266579 1152692 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 1a74aacb2d69431d8ddf483777db4d1160e7c9190f9847f350fc3e1d84d34c03 113308 nghttp2-server_1.64.0-1.1+deb13u1_s390x.deb
 4777c8d4fb98810f16cf4633f63da2dbcd5ea34e5857d1d42d3878a1167605dc 8571 nghttp2_1.64.0-1.1+deb13u1_s390x-buildd.buildinfo
Files:
 1d701c0a185010e49c8fa73518cd2351 228108 debug optional libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 6ad6d1bf07c142764d9086602931d6e1 73876 libs optional libnghttp2-14_1.64.0-1.1+deb13u1_s390x.deb
 6b98aea3f68287615ee2ff56d570be7f 113688 libdevel optional libnghttp2-dev_1.64.0-1.1+deb13u1_s390x.deb
 7f8585a91be47cc8e08b898208834174 2127396 debug optional nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 1e0dbabba07675d03badaa7cbbb39aa9 188024 httpd optional nghttp2-client_1.64.0-1.1+deb13u1_s390x.deb
 bd3d1bef4417c48a2eeca17d5ddf12b2 6280708 debug optional nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 85e33b5290b2143778d4764aabd2bbc6 426640 httpd optional nghttp2-proxy_1.64.0-1.1+deb13u1_s390x.deb
 5f0e62866f8349fcbed6d9a23c91127e 1152692 debug optional nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_s390x.deb
 df62c16bce9291a3174e97df73d677f6 113308 httpd optional nghttp2-server_1.64.0-1.1+deb13u1_s390x.deb
 7cab292544eb575963a30d501eb92586 8571 httpd optional nghttp2_1.64.0-1.1+deb13u1_s390x-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmoEbv0ACgkQkaCrxAR3
BY2ICA/7BwIrv4V9bzC2VSLQ0XPXD3azcxb67XNPw4G88iIjrQCH/p+qSz2nTTEe
J3w3Qhhr5rbroV3T9bXirCgCo0wg+HtcS0fOQODklAMnDiIhPNbX+tL1ArMP0x1L
ChDoSdANJRc0L66xI7HFEbmlie4l3JaZRLWOaTn2fwVadsCOh/1+z6UqFFOdCLgB
Vz4yFxXEjD8T3hpog28ablUDEFvZlH3gXd4obnvO5vPp8gFyOGRMdZslzd5xtK1G
DtkUALG3iWA1s/oBShHHZF3qdCQOSaoanXb2uA1pk4qJTnS5LsEnhv7pybVZDdMY
ClgXqSoxNe4MEmaquLqY3UgFl/eBMNqT/ZmfgwydbTSaVAVLXepxtkw2xZ//sbTv
m9sTUp8AgpfbwWSpP4B/7+E3okBV+KWhcP2AAahac9kaZLCm2wl3xDmoisZAMNx6
RJ9yEKIxoZS9V8XiBJkSHZ/wF/UA6Py0XYelFX8aRAjbO1KknJbzXNAcQusoicxm
6eorRNgIHkGE57RTN5hoBj5mncn1eJFGpS7U1+bWyFMAuFiJEuaik0Md9ToH1pUK
yHxs3vnHB+DnU2W+HH3f2Kleao1xSigLYxn6oewNayyQLhp/6iYv2b7VnzyC3dlk
L+nbdr/pnwTmLVG/Rr9KW8w3VUA8C+2LoqStOzSM4W5qcSO7Jkc=
=/AuW
-----END PGP SIGNATURE-----