Am 28.11.2023 um 08:56:28 Uhr schrieb Marold Marcus (DC-AE/ESW1): > I would like to request an upgrade of the curl package (Linux Ubuntu > Core 22 / Jammy) to Nghttp2 v1.57.0 because of > CVE-2023-44487<https://github.com/advisories/GHSA-qppj-fm5r-hxr3>: > HTTP/2 Rapid Reset.
That is the debian user mailing list, not related to Ubuntu. Debian has curl 8.4.0 included. Testing and unstable already have nghttp2 1.58.0. Stable doesn't. https://tracker.debian.org/pkg/nghttp2 Contact the maintainers (listed on the left) about that.