Candidate: CVE-2015-8659
PublicDate: 2016-01-12 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8659
 https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/
Description:
 The idle stream handling in nghttp2 before 1.6.0 allows attackers to have
 unspecified impact via unknown vectors, aka a heap-use-after-free bug.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H [10.0 CRITICAL]

Patches_nghttp2:
upstream_nghttp2: released (1.6.0-1)
precise_nghttp2: DNE
precise/esm_nghttp2: DNE
trusty_nghttp2: DNE
trusty/esm_nghttp2: DNE
vivid_nghttp2: ignored (reached end-of-life)
vivid/stable-phone-overlay_nghttp2: DNE
vivid/ubuntu-core_nghttp2: DNE
wily_nghttp2: ignored (reached end-of-life)
xenial_nghttp2: not-affected (1.7.1-1)
yakkety_nghttp2: ignored (reached end-of-life)
zesty_nghttp2: not-affected (1.19.0-2)
artful_nghttp2: not-affected (1.25.0-1)
devel_nghttp2: not-affected (1.29.0-1)