-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 16:23:22 +0200
Source: nghttp2
Binary: libnghttp2-14 libnghttp2-14-dbgsym libnghttp2-dev nghttp2-client nghttp2-client-dbgsym nghttp2-proxy nghttp2-proxy-dbgsym nghttp2-server nghttp2-server-dbgsym
Architecture: armhf
Version: 1.52.0-1+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: armhf Build Daemon (arm-ubc-06) <buildd_arm64-arm-ubc-06@buildd.debian.org>
Changed-By: Lukas Märdian <slyon@debian.org>
Description:
 libnghttp2-14 - library implementing HTTP/2 protocol (shared library)
 libnghttp2-dev - library implementing HTTP/2 protocol (development files)
 nghttp2-client - client implementing HTTP/2 protocol
 nghttp2-proxy - reverse proxy implementing HTTP/2 protocol
 nghttp2-server - server implementing HTTP/2 protocol
Closes: 1131369
Changes:
 nghttp2 (1.52.0-1+deb12u3) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2026-27135 (Closes: #1131369)
     Fix missing iframe->state validations to avoid assertion failure.
   * Add test for CVE-2026-27135 (cherry-picked from upstream c619c7b)
Checksums-Sha1:
 47d8dc41353487858bcbc02ca720e0f4fec4c6a7 215976 libnghttp2-14-dbgsym_1.52.0-1+deb12u3_armhf.deb
 7373891fa5607562758dd15ee175975af228f63d 62456 libnghttp2-14_1.52.0-1+deb12u3_armhf.deb
 f932a86090343622a1d1f52f7da433615dbe2182 98972 libnghttp2-dev_1.52.0-1+deb12u3_armhf.deb
 024c7473436f3cf997ed3b3ed41a8be80b464bb4 1873736 nghttp2-client-dbgsym_1.52.0-1+deb12u3_armhf.deb
 fcfaefce47418b47da7bf285b60ff48d19441865 152332 nghttp2-client_1.52.0-1+deb12u3_armhf.deb
 b78e280c7425901634d8e2dc534d59a1d1c742af 5773532 nghttp2-proxy-dbgsym_1.52.0-1+deb12u3_armhf.deb
 2c7ff819a4f2b0971bb5354d451a050d52842d08 352632 nghttp2-proxy_1.52.0-1+deb12u3_armhf.deb
 55450d122c7d19d9f6caa1102b7c548ad3286371 944460 nghttp2-server-dbgsym_1.52.0-1+deb12u3_armhf.deb
 c6fc08218e04eded67d8be0ed7cb949c83042c50 87152 nghttp2-server_1.52.0-1+deb12u3_armhf.deb
 553942ea48bcaf75d86ee470e44f157e6dcaf0f5 8923 nghttp2_1.52.0-1+deb12u3_armhf-buildd.buildinfo
Checksums-Sha256:
 f03feeb800f9907011d7e88830ffc5c36ff4ff7b1904441316e765f4826c44f8 215976 libnghttp2-14-dbgsym_1.52.0-1+deb12u3_armhf.deb
 ef8cb9a1fe21f0f3d804488f4cfaf9959d26f594f387bd382e86f12307832d86 62456 libnghttp2-14_1.52.0-1+deb12u3_armhf.deb
 7f7220bf46b52ff1cc2849832aa34dd20af4b0f6e125b4f314da8afaeb1776af 98972 libnghttp2-dev_1.52.0-1+deb12u3_armhf.deb
 c297f44f1f3ea50222f95793c01e6ab6c9550216b55bdcfb10636af90784a21d 1873736 nghttp2-client-dbgsym_1.52.0-1+deb12u3_armhf.deb
 abc70336b10b72e4217cb3aa025fb6cb08f391a34d8bfba0ee9af50509516345 152332 nghttp2-client_1.52.0-1+deb12u3_armhf.deb
 a9027935efd90b13d2ed97f0781e2e7892d267b60ab50c1708df9e6dcb4896cd 5773532 nghttp2-proxy-dbgsym_1.52.0-1+deb12u3_armhf.deb
 1492a1dabd7b651ac6220d7ce427612dbc2ff75daeae33294efbe252ba02376d 352632 nghttp2-proxy_1.52.0-1+deb12u3_armhf.deb
 bfd4e273eaad6c57b1a8e2c7274301cdee04aed3bdd3841527f296b38fab9aea 944460 nghttp2-server-dbgsym_1.52.0-1+deb12u3_armhf.deb
 a355c1a7b9e66e43cc64bd14684b597d1defd650ead78682e2a5e37800d271cc 87152 nghttp2-server_1.52.0-1+deb12u3_armhf.deb
 8979efcbc583283ca19dcdaa17e1f87c8ed30d4f0564efdc222553aa107211bb 8923 nghttp2_1.52.0-1+deb12u3_armhf-buildd.buildinfo
Files:
 94466a4931a92f58aa7a2575af348362 215976 debug optional libnghttp2-14-dbgsym_1.52.0-1+deb12u3_armhf.deb
 e72e64384d3fe7e20fa40c43d1c621c0 62456 libs optional libnghttp2-14_1.52.0-1+deb12u3_armhf.deb
 37a9605384fd4a2c1cf3a9790fc62e27 98972 libdevel optional libnghttp2-dev_1.52.0-1+deb12u3_armhf.deb
 13a83842dea51a16b5b9e1a80ba858c3 1873736 debug optional nghttp2-client-dbgsym_1.52.0-1+deb12u3_armhf.deb
 a2847e3ea2c24bd3a0433827041aa79d 152332 httpd optional nghttp2-client_1.52.0-1+deb12u3_armhf.deb
 9ac1d91b1130b15c1882513b0ed9983c 5773532 debug optional nghttp2-proxy-dbgsym_1.52.0-1+deb12u3_armhf.deb
 7866c3fd4f9186dd469af80b6cfc897f 352632 httpd optional nghttp2-proxy_1.52.0-1+deb12u3_armhf.deb
 4c81594823ec0358f94b836e1b404a64 944460 debug optional nghttp2-server-dbgsym_1.52.0-1+deb12u3_armhf.deb
 5416dfea51836f012aeddd79526ca9b0 87152 httpd optional nghttp2-server_1.52.0-1+deb12u3_armhf.deb
 dbbb54ec9be383397e9f771985b32432 8923 httpd optional nghttp2_1.52.0-1+deb12u3_armhf-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEBOUsBrtd5lcy6oRfutMAkCxKbL0FAmoEbjkACgkQutMAkCxK
bL14kg//aBM3hV/kk2eMjLSNB8xRjfOn8WqZk4DByO/j1DCfYSdrxCJhfvk94nfp
ii5OEkJh6k7rIjouy6VFxAB4Ej1aa+urrAgFuFYo9HlxB+kHDJkjaT3tC51ZjBTV
jnIFNm1cOjxgIlLzenkg6SqVQaLmt4nR5bvfzAJmAzAzew5/QLIs/XwRpesknbhK
+r8b756eeLzUPdoj/ZX27QlejAW04cJvYPx77UgfXmOsmagQmWiLtd6VTMLNa+AP
f2EICZQ0zJPBOo6YJ1hdgfWif87D+R5Ew3SmbdQyOxwx3TKTMH9bkqZtJ90uWTAq
wRRqazWmhSQEslZMKHHD6J9FFjiumaHjkbamqRk9RYdRSMxb+o73CoMsAYG1vjbf
s+yL8BHh4mC4Z8coJlQKwEr+xRUZbmFi2sWNo7O33PyiJ0D7+/c1nmfcoII9qHB8
sRQPwUJV6hT0DbJDTLnYtZc4Sbv/tTpN1wMHaqiBLgSfmMhLbgNl2XMgdywnH2ij
Kdn1+UXDPFFMQuCFobkEehxTNz7UQAKBdx1+0t4sq8kR7HrUkuZI/Gg8L3GPlX0d
UbiBAO1nFiuQfkHHoEl/JkZHYczKuJHYQtv1XoGc/guqhuN+JVHSWcBfkBPzDwQY
QTr6Rkl4rTrs+KiumEsr/4T13wAZaLTv9V1u0RsU5N9DGYTEbMI=
=YeG4
-----END PGP SIGNATURE-----