TEMP-0000000-A4EF31

NameTEMP-0000000-A4EF31
DescriptionNull pointer access in inflatehd tool
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nghttp2 (PTS)jessie, jessie (lts)0.6.4-2+deb8u1vulnerable
stretch (security)1.18.1-1+deb9u2fixed
stretch (lts), stretch1.18.1-1+deb9u4fixed
buster (security), buster, buster (lts)1.36.0-2+deb10u3fixed
bullseye1.43.0-1+deb11u1fixed
bullseye (security)1.43.0-1+deb11u2fixed
bookworm1.52.0-1+deb12u2fixed
bookworm (security)1.52.0-1+deb12u1fixed
sid, trixie1.64.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nghttp2source(unstable)1.3.0-0.2unimportant

Notes

Upstream report: https://github.com/tatsuhiro-t/nghttp2/issues/235
Git commit: https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf (v0.7.15)
CVE Request: https://www.openwall.com/lists/oss-security/2015/06/03/20
inflatehd not installed into the Debian binary packages

Search for package or bug name: Reporting problems