Your message dated Sat, 31 Aug 2019 01:02:11 +0000
with message-id <e1i3rmn-0006un...@fasolo.debian.org>
and subject line Bug#934886: fixed in h2o 2.2.5+dfsg2-2+deb10u1
has caused the Debian Bug report #934886,
regarding CVE-2019-9512 CVE-2019-9514 CVE-2019-9515
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
934886: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934886
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: h2o
Severity: grave
Tags: security
h2o is affected by three of the recently announced HTTP2 issues:
https://github.com/h2o/h2o/issues/2090
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: h2o
Source-Version: 2.2.5+dfsg2-2+deb10u1
We believe that the bug you reported is fixed in the latest version of
h2o, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 934...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anton Gladky <gl...@debian.org> (supplier of updated h2o package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 20 Aug 2019 22:29:07 +0200
Source: h2o
Binary: h2o h2o-dbgsym h2o-doc libh2o-dev libh2o-dev-common libh2o-evloop-dev
libh2o-evloop0.13 libh2o-evloop0.13-dbgsym libh2o0.13 libh2o0.13-dbgsym
Architecture: source amd64 all
Version: 2.2.5+dfsg2-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Apollon Oikonomopoulos <apoi...@debian.org>
Changed-By: Anton Gladky <gl...@debian.org>
Description:
h2o - optimized HTTP/1.x, HTTP/2 server
h2o-doc - optimized HTTP/1.x, HTTP/2 server - documentation
libh2o-dev - dev helpers of the H2O library compiled with libuv
libh2o-dev-common - H2O library headers
libh2o-evloop-dev - dev helpers of the H2O library compiled with its own event loop
libh2o-evloop0.13 - H2O library compiled with its own event loop
libh2o0.13 - H2O library compiled with libuv
Closes: 934886
Changes:
h2o (2.2.5+dfsg2-2+deb10u1) buster-security; urgency=high
.
* [d9b7843] Fix HTTP/2 DoS attack vulnerabilities.
CVE-2019-9512 CVE-2019-9514 CVE-2019-9515. (Closes: #934886)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---