Hi Pete! Since the h2o package is in the universe repository, it is community maintained. This means that the security team will not be fixing the package unless a community member contributes a debdiff for sponsoring that fixes the issue.
Here is the commit that fix this in upstream: https://github.com/h2o/h2o/issues/1775 ** Bug watch added: github.com/h2o/h2o/issues #1775 https://github.com/h2o/h2o/issues/1775 ** Information type changed from Private Security to Public Security ** Tags added: community-security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1776877 Title: Security vulnerability in h2o 2.2.4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/h2o/+bug/1776877/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
