-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 17:04:15 +0200
Source: nghttp2
Binary: libnghttp2-14 libnghttp2-14-dbgsym libnghttp2-dev nghttp2-client nghttp2-client-dbgsym nghttp2-proxy nghttp2-proxy-dbgsym nghttp2-server nghttp2-server-dbgsym
Architecture: armhf
Version: 1.64.0-1.1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: armhf Build Daemon (arm-ubc-05) <buildd_arm64-arm-ubc-05@buildd.debian.org>
Changed-By: Lukas Märdian <slyon@debian.org>
Description:
 libnghttp2-14 - library implementing HTTP/2 protocol (shared library)
 libnghttp2-dev - library implementing HTTP/2 protocol (development files)
 nghttp2-client - client implementing HTTP/2 protocol
 nghttp2-proxy - reverse proxy implementing HTTP/2 protocol
 nghttp2-server - server implementing HTTP/2 protocol
Closes: 1131369
Changes:
 nghttp2 (1.64.0-1.1+deb13u1) trixie-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2026-27135 (Closes: #1131369)
     Fix missing iframe->state validations to avoid assertion failure.
   * Add test for CVE-2026-27135 (cherry-picked from upstream c619c7b)
Checksums-Sha1:
 25801bf8221585146f4287ea129a6597a0a72595 226184 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 a1247447e39d742e050ed92bc4ce95db4e1309c0 63196 libnghttp2-14_1.64.0-1.1+deb13u1_armhf.deb
 5bd86e3b70e026bd5523d2c1833de9df6c1a071c 103552 libnghttp2-dev_1.64.0-1.1+deb13u1_armhf.deb
 2f7d4b3cebc3fecc8c784564b12a4453ffd57e48 2076776 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 785ec77a71520cf99c9f9e2d9375415ab7c28e84 164536 nghttp2-client_1.64.0-1.1+deb13u1_armhf.deb
 1641e7f23a3b9f63860055dc40a977181947b824 6196864 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 2373054e597176aa803626be7b00edee19ef90dd 381368 nghttp2-proxy_1.64.0-1.1+deb13u1_armhf.deb
 f3bbed3490ea3ffa54bf5567c2d60067852cef3f 1120836 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 ca15c803b830aa0eb0e2e50b7e8d043947a8534b 96140 nghttp2-server_1.64.0-1.1+deb13u1_armhf.deb
 b4ac94a0710afbfe46a3b47ee01271a5e5024689 8572 nghttp2_1.64.0-1.1+deb13u1_armhf-buildd.buildinfo
Checksums-Sha256:
 63db2318ae5fdf8e35dc33ce7d59deeaeccdc6c74b924231bd71c9c6c3ec4d5a 226184 libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 c7e6c44d15ab025d0a03d8d39f96ea56a3697908c31cc6858646e7e2c0564ece 63196 libnghttp2-14_1.64.0-1.1+deb13u1_armhf.deb
 3ea01e67695ade7e7077be55764c6de9891a52dfb70d5f384a0a830cd8d07fde 103552 libnghttp2-dev_1.64.0-1.1+deb13u1_armhf.deb
 dc0a1ad71c59ce2e4fe98e393dd0304ef0353dec234e52b13ca7546bef5cad4b 2076776 nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 56ff045b5a11c53687933f592793aa5d9036b7d58b5be32a5af866e283c317a4 164536 nghttp2-client_1.64.0-1.1+deb13u1_armhf.deb
 4fa70c34f6c4bcd02f88b5ffe90f7c65e5f2637a0efbfe608633588c7a3f06c7 6196864 nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 29cff52f7b4efbff1d0ed24547f088bd320e61683cfe27d8aefb4f3ebeae3862 381368 nghttp2-proxy_1.64.0-1.1+deb13u1_armhf.deb
 b7c080a7977ec6c3116078ebc81fdd759c2fd924d44e07edbc4c460f43c0e642 1120836 nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 4f18300766dd41a8372df35317127e8420c78f4229829a999d6c7c5fd5b46e39 96140 nghttp2-server_1.64.0-1.1+deb13u1_armhf.deb
 a7e55896acee5f19935e6504fe62859c24f02b3e5bf15fa21a861171e25f58d8 8572 nghttp2_1.64.0-1.1+deb13u1_armhf-buildd.buildinfo
Files:
 42e1b9dc401de6142c8e8c0514997652 226184 debug optional libnghttp2-14-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 eaddf3dac72fb8114ea94ce37d81e4f8 63196 libs optional libnghttp2-14_1.64.0-1.1+deb13u1_armhf.deb
 ac61007850d79bdb22d98f8d6c184318 103552 libdevel optional libnghttp2-dev_1.64.0-1.1+deb13u1_armhf.deb
 c10a101872d04b47b069a95211e758d1 2076776 debug optional nghttp2-client-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 43d23f587117ca71b75e5e42551d887b 164536 httpd optional nghttp2-client_1.64.0-1.1+deb13u1_armhf.deb
 5becac51d042899644ec38f5b1e4b70b 6196864 debug optional nghttp2-proxy-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 da61c46a1a09638c86c1551bb8d598ea 381368 httpd optional nghttp2-proxy_1.64.0-1.1+deb13u1_armhf.deb
 b4bbb2e2ffd2b26c84b543e0bb3f886c 1120836 debug optional nghttp2-server-dbgsym_1.64.0-1.1+deb13u1_armhf.deb
 4d115339b196fc0ffdef093f92fa241c 96140 httpd optional nghttp2-server_1.64.0-1.1+deb13u1_armhf.deb
 ffdc7fa08906469a9919da452cdd4f4a 8572 httpd optional nghttp2_1.64.0-1.1+deb13u1_armhf-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7rv+l3KtZdQea77lnwznazfjXToFAmoEbpoACgkQnwznazfj
XTqzkxAA089THfNGeGFMZMtSXG5ODXgqPFRYr9x/pdZ/S8+FeZCFiEyEKND81lNq
3hM9HRPsdeU9B+CmQSuh4qXQcDSdhokSXrCi0KBmA4KrW44B6eLTA6DHs+uklOwY
lEqGHcH9m+zSJF1DRAHpZnSNUYvCDHoa57+Pj0KZ/LpHdcn70AHHff6H1sU+EDeg
m+fBwTBuJFwYC+Upw26L0psqxWMFd5up8xfcHsd5aP9EGIHIcNcHr+IEyhyB7Iqp
HTfTmqu+xvqTHCzViOP1Md1q/u2GF+bGlWAfTt0XwO5d0+25Fc7UH6i+hWXHLnka
fYSJhl4LybIaGHuk239TZz5RDN8ydr41R6J8N3Mv5vqlKKqbvMIJPusvZ21keWtn
CW65uStKIZAHGwaYgSR2YJ55gY1NGkz+mzymHmUdBpEKkfhilto9wx2rWJp4C7+J
4XxW9blP6vpIVsz1yoOb/IOlVkYVNABw+esXQJAcraUMjdMnTxAFDINwJrYuUNto
HKCixoSBfKtx7ThB9WQNaynlLHIsBsTlq47rmqXJtU/EEH99zS+K7yu3NbQz5oSI
NGZTikVQWolSyrOUT8n9EL0qAeyYlXMTiO9GoH5HavCHb/WwFUfc3tyJovsRiSUP
bsFjeDK88JEc63wRzPLOWerMiSjgQwTfjfOCwt4YEL0DyoBS5LI=
=Qg1E
-----END PGP SIGNATURE-----