Register | Log in

python-h2

Pure-Python3 HTTP/2 State-Machine based protocol implementation in Python

Choose email to subscribe with

general

source: python-h2 (main)
version: 4.2.0-1
maintainer: Debian Python Team (DMD)
uploaders: Andrej Shadura [DMD]
arch: all
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.0.0-3
o-o-sec: 4.0.0-3+deb11u1
oldstable: 4.1.0-4
stable: 4.2.0-1
testing: 4.2.0-1
unstable: 4.2.0-1

versioned links

4.0.0-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.0.0-3+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.0-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

python3-h2

action needed

A new upstream version is available: 4.3.0 high

A new upstream version 4.3.0 is available, you should consider packaging it.

Created: 2025-08-25 Last update: 2025-09-06 01:03

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

Created: 2025-08-26 Last update: 2025-09-03 01:00

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

Created: 2025-08-26 Last update: 2025-09-03 01:00

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

Created: 2025-08-26 Last update: 2025-09-03 01:00

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2025-57804: h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.

Created: 2025-08-26 Last update: 2025-09-03 01:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2025-03-26 17:31

news

[2025-09-02] Accepted python-h2 4.0.0-3+deb11u1 (source) into oldoldstable-security (Daniel Leidert)
[2025-03-28] python-h2 4.2.0-1 MIGRATED to testing (Debian testing watch)
[2025-03-26] Accepted python-h2 4.2.0-1 (source) into unstable (Alexandre Detiste)
[2022-12-04] python-h2 4.1.0-4 MIGRATED to testing (Debian testing watch)
[2022-12-02] Accepted python-h2 4.1.0-4 (source) into unstable (Jochen Sprickerhof)
[2022-02-02] python-h2 4.1.0-3 MIGRATED to testing (Debian testing watch)
[2022-01-24] Accepted python-h2 4.1.0-3 (source) into unstable (Sandro Tosi)
[2022-01-19] Accepted python-h2 4.1.0-2 (source) into unstable (Sandro Tosi)
[2022-01-18] Accepted python-h2 4.1.0-1 (source) into unstable (Sandro Tosi)
[2021-01-09] python-h2 4.0.0-3 MIGRATED to testing (Debian testing watch)
[2021-01-06] Accepted python-h2 4.0.0-3 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2021-01-04] Accepted python-h2 4.0.0-2 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2020-12-04] python-h2 4.0.0-1 MIGRATED to testing (Debian testing watch)
[2020-11-29] Accepted python-h2 4.0.0-1 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2020-04-01] python-h2 3.2.0-2 MIGRATED to testing (Debian testing watch)
[2020-03-28] Accepted python-h2 3.2.0-2 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2020-03-17] python-h2 3.2.0-1 MIGRATED to testing (Debian testing watch)
[2020-03-15] Accepted python-h2 3.2.0-1 (source) into unstable (Andrej Shadura) (signed by: Andrew Shadura)
[2020-02-03] python-h2 3.1.1-1 MIGRATED to testing (Debian testing watch)
[2020-01-31] Accepted python-h2 3.1.1-1 (source) into unstable (Håvard Flaget Aasen) (signed by: Adam Borowski)
[2019-12-26] python-h2 3.0.1-5 MIGRATED to testing (Debian testing watch)
[2019-12-21] Accepted python-h2 3.0.1-5 (source) into unstable (Sebastien Delafond)
[2019-10-25] python-h2 3.0.1-4.1 MIGRATED to testing (Debian testing watch)
[2019-10-20] Accepted python-h2 3.0.1-4.1 (source) into unstable (Sandro Tosi)
[2018-04-05] python-h2 3.0.1-4 MIGRATED to testing (Debian testing watch)
[2018-03-30] Accepted python-h2 3.0.1-4 (source) into unstable (Sebastien Delafond)
[2018-02-22] python-h2 3.0.1-3 MIGRATED to testing (Debian testing watch)
[2018-02-16] Accepted python-h2 3.0.1-3 (source) into unstable (Sebastien Delafond)
[2018-01-06] python-h2 3.0.1-2 MIGRATED to testing (Debian testing watch)
[2018-01-01] Accepted python-h2 3.0.1-2 (source) into unstable (Sebastien Delafond)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 1
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.2.0-1

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing