-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 17:04:15 +0200
Source: nghttp2
Binary: libnghttp2-14 libnghttp2-14-dbgsym libnghttp2-dev nghttp2-client nghttp2-client-dbgsym nghttp2-proxy nghttp2-proxy-dbgsym nghttp2-server nghttp2-server-dbgsym
Architecture: armel
Version: 1.64.0-1.1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: armel Build Daemon (arm-ubc-03) <buildd_arm64-arm-ubc-03@buildd.debian.org>
Changed-By: Lukas Märdian <slyon@debian.org>
Description:
 libnghttp2-14 - library implementing HTTP/2 protocol (shared library)
 libnghttp2-dev - library implementing HTTP/2 protocol (development files)
 nghttp2-client - client implementing HTTP/2 protocol
 nghttp2-proxy - reverse proxy implementing HTTP/2 protocol
 nghttp2-server - server implementing HTTP/2 protocol
Closes: 1131369
Changes:
 nghttp2 (1.64.0-1.1+deb13u1) trixie-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2026-27135 (Closes: #1131369)
     Fix missing iframe->state validations to avoid assertion failure.
   * Add test for CVE-2026-27135 (cherry-picked from upstream c619c7b)
Checksums-Sha1:
 4fba487e8ba85d42121c7dde67e1c7e09703f856 223064 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 20bed1e16b18ac438bd80d3c45b797fe4b1d2ee7 63252 libnghttp2-14_1.64.0-1.1+deb13u1_armel.deb
 9f8e9872bd2e65e0028cbf3626418933883418b0 103408 libnghttp2-dev_1.64.0-1.1+deb13u1_armel.deb
 8af29c74d40631e462196c71859b48b735d545df 2066412 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 aca81294c7f0052f765195d163cab8d9da397aef 161492 nghttp2-client_1.64.0-1.1+deb13u1_armel.deb
 c84d8ee2f16376477e66862a74463a5f5db47baa 6106760 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 fa750ebb344c9e7822c90b7214d65f463ff2d3bd 373244 nghttp2-proxy_1.64.0-1.1+deb13u1_armel.deb
 a04ed74cd0bd3053c6e71700b02d332d20edbb84 1119148 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 23533f27525e370cb5ec8811bed38c92675054b0 94444 nghttp2-server_1.64.0-1.1+deb13u1_armel.deb
 9708c35eac3e9a4a57ee0856a34df0bff791fd86 8558 nghttp2_1.64.0-1.1+deb13u1_armel-buildd.buildinfo
Checksums-Sha256:
 ceb53d3edcc5bf8f88b475926027ea993ba3f4ff9304efa73800c51e63e845a1 223064 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 3ca7d27b6461756b59b076fb5c168958d63ee5c44b01e25a1e6c4bdf4745eeeb 63252 libnghttp2-14_1.64.0-1.1+deb13u1_armel.deb
 e3553e4160fc105e4e2eaee61bb9ec3d2db6a209bd4334761401bdf052ce9615 103408 libnghttp2-dev_1.64.0-1.1+deb13u1_armel.deb
 ba1169aac0142fd2663f5008b7f8afadd200a419ab1b49475bf6b3ef79e8d839 2066412 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 4b5d27de28745ea85d1265d004e645ee2b3682fac696ecaf6326befc523fb0c6 161492 nghttp2-client_1.64.0-1.1+deb13u1_armel.deb
 aad718679f69b44c1b7a3b3a3a36958f0e2f34fe04e4c1df88559c53d2599f90 6106760 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 3f045f65c37eba28052ae2f3d53d4f742238bbe1fec0b5777bee7cdde1d7250e 373244 nghttp2-proxy_1.64.0-1.1+deb13u1_armel.deb
 f27b78e4563d24b0030a9d8b3662168d22c6276707deb6483a2143c7d0b32992 1119148 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 2881db6468fcbf51677be13b7dfb49e306edf534e5541f74f18df0f088de8af4 94444 nghttp2-server_1.64.0-1.1+deb13u1_armel.deb
 a29c7c0579eba1b148eac58f0e3a69117ad3b6066d539d43ee387f5edc07e25a 8558 nghttp2_1.64.0-1.1+deb13u1_armel-buildd.buildinfo
Files:
 0d5ea130c99c3e42c105b9b705a42e2d 223064 debug optional libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 116bfc06799191f76f575f8ea1f08c24 63252 libs optional libnghttp2-14_1.64.0-1.1+deb13u1_armel.deb
 4facfc587367819e77b88fd4eb98ca16 103408 libdevel optional libnghttp2-dev_1.64.0-1.1+deb13u1_armel.deb
 fd0cbe464ea09084d5d3530167a5c0f8 2066412 debug optional nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 53e084a9626a3d2cc3bc53626f179f67 161492 httpd optional nghttp2-client_1.64.0-1.1+deb13u1_armel.deb
 6a35ec663b603ab873cc7a1439ae37e3 6106760 debug optional nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 4e73b51d8716bd6dc26feb0a3af268b0 373244 httpd optional nghttp2-proxy_1.64.0-1.1+deb13u1_armel.deb
 fb7988751dfbc8cc7958572af7044f06 1119148 debug optional nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_armel.deb
 e20efa31c7a2993ee5f5a4386020bccb 94444 httpd optional nghttp2-server_1.64.0-1.1+deb13u1_armel.deb
 84a484b327d7bef8c0ca4ea4c9951982 8558 httpd optional nghttp2_1.64.0-1.1+deb13u1_armel-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE2kd8oHy+LXk/nybqvzDqKQSGl8UFAmoEbroACgkQvzDqKQSG
l8W1GRAAwmtu91boWqjrpN992+kNZG8fnpDtGO0i1Uhw4KgpAv/WMWXZ1rug7ijl
Nc6UYTcjs7FEH+gi/m2PPwXmvQ7sZT6gXXJMwN5Qx6vi4R5NCjXJPciYmdvDTleb
lWUe4NQlOWuooK4s4Oa+WxauEDoPEHdsABta5st01O0R6BjWjUj7D5yyGObB3z8H
+1MpZrRmCc+ap0tGDF8J7KyM5+xq2AYjjWvr6XheeQehAVdynMWJeEfhZfpVxEK5
kkSxqOEnf0q5SJboqhTSo2WX0RzJkXhpsnYFdcyhf23IO2084j5u9V9xZa737/Uv
pzIayeyrQPVuDMZ67WPwDnc+rlWJ+R1bF9xnu5aEBnTAMSOliuFWleOk/6esrg2Z
IzkBhEg0HFqT9P774AaRYt+/saC4Bgd2z/MOH1uY/B8ztHwInTx9go1YTWCL9/yD
rjuPKo3HZC1h6MELu3nltnDz8ANpc9Fo0PBzgySqyq7bCW9TCSd1hzC3eNLukoLd
t7i0PPVwiEg45cPTyYvJF0NZsqQ0B6RoNghp8ZI52VKyJQbkXa3QdnOgjo5f2kL6
DgiaFZsGLx+TQlnh3qdev0JpLY6pzMbSmZcM4MSdAQ9/KUOUYJ1DSA6jqqBjeNRy
GvWI9pMCoyRjPaMPKQUeFs2OU3e6PtoHcjmVX93CaPZZdnP68m4=
=ChCy
-----END PGP SIGNATURE-----