Bug 33060

Summary: rust-h2 new security issue (HTTP/2 CONTINUATION Flood)
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: Security Assignee: Jani Välimaa <jani.valimaa>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
See Also: https://bugs.mageia.org/show_bug.cgi?id=33087
Whiteboard:
Source RPM: rust-h2-0.3.21-1.mga10.src.rpm CVE:
Status comment: fixed in version 0.3.26

Description Nicolas Salguero 2024-04-04 10:47:37 CEST
That issue was announced here:
https://seanmonstar.com/blog/hyper-http2-continuation-flood/

See also:
https://nowotarski.info/http2-continuation-flood/

The problem is fixed in version 0.3.26.

Nicolas Salguero 2024-04-04 10:47:54 CEST

Source RPM: (none) => rust-h2-0.3.21-1.mga10.src.rpm

Comment 1 Lewis Smith 2024-04-04 21:59:07 CEST
This pkg is new in Mageia, imported recently thanks to Jani. So assigning this bug to you, just a version update.

Status comment: (none) => fixed in version 0.3.26
Assignee: bugsquad => jani.valimaa

Nicolas Salguero 2024-04-10 16:17:56 CEST

Blocks: (none) => 33087

Nicolas Salguero 2024-04-10 16:27:20 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=33087

Nicolas Salguero 2024-04-10 16:28:09 CEST

Blocks: 33087 => (none)

Comment 2 Nicolas Salguero 2024-04-11 09:28:16 CEST
rust-h2-0.3.26-1.mga10 fixed the problem.

Resolution: (none) => FIXED
Status: NEW => RESOLVED