From ccb6b81bbd41a95379c8a9ba0a089b2b36d89cd7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Dec 10 2019 06:30:26 +0000 Subject: import httpd24-nghttp2-1.7.1-8.el7 --- diff --git a/SPECS/nghttp2.spec b/SPECS/nghttp2.spec index 0328ce2..78b2cf9 100644 --- a/SPECS/nghttp2.spec +++ b/SPECS/nghttp2.spec @@ -4,7 +4,7 @@ Summary: Meta-package that only requires libnghttp2 Name: %{?scl_prefix}nghttp2 Version: 1.7.1 -Release: 7%{?dist}.1 +Release: 8%{?dist} License: MIT Group: Applications/Internet URL: https://nghttp2.org/ @@ -115,11 +115,11 @@ make %{?_smp_mflags} check %changelog -* Tue Aug 27 2019 Lubos Uhliarik - 1.7.1-7.1 -- Resolves: #1744824 - CVE-2019-9511 httpd24-nghttp2: HTTP/2: large - amount of data request leads to denial of service -- Resolves: #1745691 - CVE-2019-9513 httpd24-nghttp2: HTTP/2: flood - using PRIORITY frames resulting in excessive resource consumption +* Tue Aug 27 2019 Lubos Uhliarik - 1.7.1-8 +- Resolves: #1745692 - CVE-2019-9513 httpd24-nghttp2: HTTP/2: flood using + PRIORITY frames resulting in excessive resource consumption +- Resolves: # 1744825 - CVE-2019-9511 httpd24-nghttp2: HTTP/2: large + amount of data request leads to denial of service * Thu Sep 13 2018 Luboš Uhliarik - 1.7.1-7 - Resolves: #1540167 - provides without httpd24 pre/in-fix