Debian Package Tracker
Register | Log in
Subscribe

python-h2

Pure-Python3 HTTP/2 State-Machine based protocol implementation in Python

Choose email to subscribe with

general
  • source: python-h2 (main)
  • version: 4.2.0-1
  • maintainer: Debian Python Team (DMD)
  • uploaders: Andrej Shadura [DMD]
  • arch: all
  • std-ver: 4.6.1
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 4.0.0-3
  • o-o-sec: 4.0.0-3+deb11u1
  • oldstable: 4.1.0-4
  • stable: 4.2.0-1
  • testing: 4.2.0-1
  • unstable: 4.2.0-1
versioned links
  • 4.0.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 4.0.0-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 4.1.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 4.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • python3-h2
action needed
A new upstream version is available: 4.3.0 high
A new upstream version 4.3.0 is available, you should consider packaging it.
Created: 2025-08-25 Last update: 2025-09-06 01:03
1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:
  • CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
Created: 2025-08-26 Last update: 2025-09-03 01:00
1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:
  • CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
Created: 2025-08-26 Last update: 2025-09-03 01:00
1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:
  • CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
Created: 2025-08-26 Last update: 2025-09-03 01:00
1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:
  • CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
Created: 2025-08-26 Last update: 2025-09-03 01:00
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).
Created: 2022-12-17 Last update: 2025-03-26 17:31
news
[rss feed]
  • [2025-09-02] Accepted python-h2 4.0.0-3+deb11u1 (source) into oldoldstable-security (Daniel Leidert)
  • [2025-03-28] python-h2 4.2.0-1 MIGRATED to testing (Debian testing watch)
  • [2025-03-26] Accepted python-h2 4.2.0-1 (source) into unstable (Alexandre Detiste)
  • [2022-12-04] python-h2 4.1.0-4 MIGRATED to testing (Debian testing watch)
  • [2022-12-02] Accepted python-h2 4.1.0-4 (source) into unstable (Jochen Sprickerhof)
  • [2022-02-02] python-h2 4.1.0-3 MIGRATED to testing (Debian testing watch)
  • [2022-01-24] Accepted python-h2 4.1.0-3 (source) into unstable (Sandro Tosi)
  • [2022-01-19] Accepted python-h2 4.1.0-2 (source) into unstable (Sandro Tosi)
  • [2022-01-18] Accepted python-h2 4.1.0-1 (source) into unstable (Sandro Tosi)
  • [2021-01-09] python-h2 4.0.0-3 MIGRATED to testing (Debian testing watch)
  • [2021-01-06] Accepted python-h2 4.0.0-3 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
  • [2021-01-04] Accepted python-h2 4.0.0-2 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
  • [2020-12-04] python-h2 4.0.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-11-29] Accepted python-h2 4.0.0-1 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
  • [2020-04-01] python-h2 3.2.0-2 MIGRATED to testing (Debian testing watch)
  • [2020-03-28] Accepted python-h2 3.2.0-2 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
  • [2020-03-17] python-h2 3.2.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-03-15] Accepted python-h2 3.2.0-1 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
  • [2020-02-03] python-h2 3.1.1-1 MIGRATED to testing (Debian testing watch)
  • [2020-01-31] Accepted python-h2 3.1.1-1 (source) into unstable (Håvard Flaget Aasen) (signed by: Adam Borowski)
  • [2019-12-26] python-h2 3.0.1-5 MIGRATED to testing (Debian testing watch)
  • [2019-12-21] Accepted python-h2 3.0.1-5 (source) into unstable (Sebastien Delafond)
  • [2019-10-25] python-h2 3.0.1-4.1 MIGRATED to testing (Debian testing watch)
  • [2019-10-20] Accepted python-h2 3.0.1-4.1 (source) into unstable (Sandro Tosi)
  • [2018-04-05] python-h2 3.0.1-4 MIGRATED to testing (Debian testing watch)
  • [2018-03-30] Accepted python-h2 3.0.1-4 (source) into unstable (Sebastien Delafond)
  • [2018-02-22] python-h2 3.0.1-3 MIGRATED to testing (Debian testing watch)
  • [2018-02-16] Accepted python-h2 3.0.1-3 (source) into unstable (Sebastien Delafond)
  • [2018-01-06] python-h2 3.0.1-2 MIGRATED to testing (Debian testing watch)
  • [2018-01-01] Accepted python-h2 3.0.1-2 (source) into unstable (Sebastien Delafond)
  • 1
  • 2
bugs [bug history graph]
  • all: 2
  • RC: 0
  • I&N: 1
  • M&W: 1
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 4.2.0-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing