From 71d79a575cc734b617d5f64b2140556f81482abb Mon Sep 17 00:00:00 2001
From: Zhixiong Chi <zhixiong.chi@windriver.com>
Date: Mon, 4 Dec 2023 01:59:01 -0800
Subject: [PATCH] nghttp2: Upgrade to 1.43.0-1+deb11u1

Upgrade subpackage libnghttp2-14 to 1.43.0-1+deb11u1 to fix CVE
issue CVE-2023-44487

Refer to:
https://security-tracker.debian.org/tracker/DSA-5570-1
https://www.debian.org/security/2023/dsa-5570
https://www.tenable.com/plugins/nessus/186518

TestPla
PASS: downloader; build-pkgs; build-image
PASS: Jenkins Installation

Closes-Bug: 2045544

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Change-Id: Ib6d97caf466b851e814e818b41a69cdb62752eb0
---
 debian-mirror-tools/config/debian/common/base-bullseye.lst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst
index d624a997..d8265d90 100644
--- a/debian-mirror-tools/config/debian/common/base-bullseye.lst
+++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst
@@ -514,7 +514,7 @@ libnfs-dev  4.0.0-1
 libnfsidmap2  0.25-6
 libnftables1  0.9.8-3.1 https://snapshot.debian.org/archive/debian/20220703T032011Z/pool/main/n/nftables/libnftables1_0.9.8-3.1_amd64.deb
 libnftnl11  1.1.9-1
-libnghttp2-14  1.43.0-1
+libnghttp2-14  1.43.0-1+deb11u1 https://snapshot.debian.org/archive/debian-security/20231204T084520Z/pool/updates/main/n/nghttp2/libnghttp2-14_1.43.0-1+deb11u1_amd64.deb
 libnl-3-200  3.4.0-1+b1
 libnl-3-dev  3.4.0-1+b1
 libnl-cli-3-200  3.4.0-1+b1