Bug 33060 - rust-h2 new security issue (HTTP/2 CONTINUATION Flood)
Summary: rust-h2 new security issue (HTTP/2 CONTINUATION Flood)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Jani Välimaa
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-04 10:47 CEST by Nicolas Salguero
Modified: 2024-04-11 09:28 CEST (History)
0 users

See Also:
Source RPM: rust-h2-0.3.21-1.mga10.src.rpm
CVE:
Status comment: fixed in version 0.3.26

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-04-04 10:47:37 CEST 
That issue was announced here:
https://seanmonstar.com/blog/hyper-http2-continuation-flood/

See also:
https://nowotarski.info/http2-continuation-flood/

The problem is fixed in version 0.3.26.
Nicolas Salguero 2024-04-04 10:47:54 CEST

Source RPM: (none) => rust-h2-0.3.21-1.mga10.src.rpm

Comment 1 Lewis Smith 2024-04-04 21:59:07 CEST 
This pkg is new in Mageia, imported recently thanks to Jani. So assigning this bug to you, just a version update.

Status comment: (none) => fixed in version 0.3.26
Assignee: bugsquad => jani.valimaa

Nicolas Salguero 2024-04-10 16:17:56 CEST

Blocks: (none) => 33087

Nicolas Salguero 2024-04-10 16:27:20 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=33087

Nicolas Salguero 2024-04-10 16:28:09 CEST

Blocks: 33087 => (none)

Comment 2 Nicolas Salguero 2024-04-11 09:28:16 CEST 
rust-h2-0.3.26-1.mga10 fixed the problem.

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.