kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/www/nghttp2/distinfo
adam a3dbd4b34d nghttp2: updated to 1.39.2 
nghttp2 v1.39.2

This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack.

Fix CVE-2019-9511 and CVE-2019-9513
Add nghttp2_option_set_max_outbound_ack API function
nghttpx: Fix request stall
2019-08-14 07:43:33 +00:00

6 lines
410 B
Text
Raw Blame History

$NetBSD: distinfo,v 1.42 2019/08/14 07:43:33 adam Exp $
SHA1 (nghttp2-1.39.2.tar.xz) = 21cc8e8b1f71e3812c5c957280d6addd916311fa
RMD160 (nghttp2-1.39.2.tar.xz) = 5bda6a53aeaa2d7c194c990346951080a96f0912
SHA512 (nghttp2-1.39.2.tar.xz) = d8c971543e3e87736dfafebca55e9ecd0644e304c9731edaccba34170205824476595861a439077289b438ad489dd6008dedf2c6b2c111920300329be1b1bf34
Size (nghttp2-1.39.2.tar.xz) = 1635428 bytes
Reference in a new issue View git blame Copy permalink