{"id":"DLA-2786-1","summary":"nghttp2 - security update","modified":"2026-03-09T01:41:41.128888192Z","published":"2021-10-16T00:00:00Z","upstream":["CVE-2018-1000168","CVE-2020-11080","DEBIAN-CVE-2018-1000168","DEBIAN-CVE-2020-11080"],"affected":[{"package":{"name":"nghttp2","ecosystem":"Debian:9","purl":"pkg:deb/debian/nghttp2?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.18.1-1+deb9u2"}]}],"versions":["1.18.1-1","1.18.1-1+deb9u1"],"database_specific":{"source":"https://storage.googleapis.com/debian-osv/dla-osv/DLA-2786-1.json"}}],"schema_version":"1.7.3"}