<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>reassign 1034723 rust-h2<br>
      thanks<br>
    </p>
    <p>
      <blockquote type="cite">
        <pre>
The following vulnerability was published for rust-hyper.

CVE-2023-26964[0]:
|<i> An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking
</i>|<i> occurs when the H2 component processes HTTP2 RST_STREAM frames. As a
</i>|<i> result, the memory and CPU usage are high which can lead to a Denial
</i>|<i> of Service (DoS).
</i>
<a href="https://github.com/hyperium/hyper/issues/2877" class="moz-txt-link-freetext">https://github.com/hyperium/hyper/issues/2877</a>
<a href="https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39" class="moz-txt-link-freetext">https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39</a> (v0.3.17)</pre>
      </blockquote>
      I've just read though the github threads, it seems that although<br>
      this was initially filed against the hyper crate the actual <br>
      issue/fix was in the h2 crate. This has also been filed in the <br>
      rustsec database at
      <a class="moz-txt-link-freetext" href="https://rustsec.org/advisories/RUSTSEC-2023-0034.html">https://rustsec.org/advisories/RUSTSEC-2023-0034.html</a><br>
      <br>
      <br>
    </p>
  </body>
</html>