CVE-2023-44487 impact: Difference between revisions
From Yocto Project
Jump to navigationJump to search
m (Fix formatting) |
(Add nghttpd2) |
||
| Line 18: | Line 18: | ||
Sources: https://go.dev/doc/devel/release#go1.20 | Sources: https://go.dev/doc/devel/release#go1.20 | ||
* nghttpd2 | |||
Status: Affected | |||
Master version: 1.56.0 (affected), upgrade needed to 1.57.0 or backport | |||
Nanbield version: Under analysis | |||
Kirkstone version: Under analysis | |||
Dunfell version: Under analysis | |||
Sources: https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0 | |||
== meta-openembedded == | == meta-openembedded == | ||
Under analysis | Under analysis | ||
Revision as of 13:01, 11 October 2023
(WIP) CVE-2023-44487 (HTTP2 RapidReset issue)
This is a synchronization wiki page to coordinate work on CVE-2023-44487 (known as HTTP/2 Rapid Reset issue) impact in the Yocto Project. When you have new information, do not hesitate to update/add to this page.
OE-core
- go
Status: Affected, confirmed
Master version: 1.20.7 (affected), update needed to 1.20.10 by Jose Quaresma
Nanbield version: Under analysis
Kirkstone version: Under analysis
Dunfell version: Under analysis
Sources: https://go.dev/doc/devel/release#go1.20
- nghttpd2
Status: Affected
Master version: 1.56.0 (affected), upgrade needed to 1.57.0 or backport
Nanbield version: Under analysis
Kirkstone version: Under analysis
Dunfell version: Under analysis
Sources: https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
meta-openembedded
Under analysis
