From 71d79a575cc734b617d5f64b2140556f81482abb Mon Sep 17 00:00:00 2001 From: Zhixiong Chi Date: Mon, 4 Dec 2023 01:59:01 -0800 Subject: [PATCH] nghttp2: Upgrade to 1.43.0-1+deb11u1 Upgrade subpackage libnghttp2-14 to 1.43.0-1+deb11u1 to fix CVE issue CVE-2023-44487 Refer to: https://security-tracker.debian.org/tracker/DSA-5570-1 https://www.debian.org/security/2023/dsa-5570 https://www.tenable.com/plugins/nessus/186518 TestPla PASS: downloader; build-pkgs; build-image PASS: Jenkins Installation Closes-Bug: 2045544 Signed-off-by: Zhixiong Chi Change-Id: Ib6d97caf466b851e814e818b41a69cdb62752eb0 --- debian-mirror-tools/config/debian/common/base-bullseye.lst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst index d624a997..d8265d90 100644 --- a/debian-mirror-tools/config/debian/common/base-bullseye.lst +++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst @@ -514,7 +514,7 @@ libnfs-dev 4.0.0-1 libnfsidmap2 0.25-6 libnftables1 0.9.8-3.1 https://snapshot.debian.org/archive/debian/20220703T032011Z/pool/main/n/nftables/libnftables1_0.9.8-3.1_amd64.deb libnftnl11 1.1.9-1 -libnghttp2-14 1.43.0-1 +libnghttp2-14 1.43.0-1+deb11u1 https://snapshot.debian.org/archive/debian-security/20231204T084520Z/pool/updates/main/n/nghttp2/libnghttp2-14_1.43.0-1+deb11u1_amd64.deb libnl-3-200 3.4.0-1+b1 libnl-3-dev 3.4.0-1+b1 libnl-cli-3-200 3.4.0-1+b1