1.95.0

cf-buildpacks-eng released this 26 Apr 04:08

Notably, this release addresses:

USN-6754-1 nghttp2 vulnerabilities:

  • CVE-2024-28182:
    nghttp2 is an implementation of the Hypertext Transfer Protocol version 2
    in C. The nghttp2 library prior to version 1.61.0 keeps reading an
    unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset,
    in order to keep the HPACK context in sync. This causes excessive CPU usage
    to decode the HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by
    limiting the number of CONTINUATION frames it accepts per stream. There is
    no workaround for this vulnerability.
  • CVE-2019-9511:
    Some HTTP/2 implementations are vulnerable to window size manipulation and
    stream prioritization manipulation, potentially leading to a denial of
    service. The attacker requests a large amount of data from a specified
    resource over multiple streams. They manipulate window size and stream
    priority to force the server to queue the data in 1-byte chunks. Depending
    on how efficiently this data is queued, this can consume excess CPU,
    memory, or both.
  • CVE-2019-9513:
    Some HTTP/2 implementations are vulnerable to resource loops, potentially
    leading to a denial of service. The attacker creates multiple request
    streams and continually shuffles the priority of the streams in a way that
    causes substantial churn to the priority tree. This can consume excess CPU.
  • CVE-2023-44487:
    The HTTP/2 protocol allows a denial of service (server resource
    consumption) because request cancellation can reset many streams quickly,
    as exploited in the wild in August through October 2023.
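As an added example that is not part of this release or the buildpacks project's code, the following Python check reads dpkg -l rows like the ones in this release's package diff and flags libnghttp2-14 while it is older than 1.43.0-1ubuntu0.2, the build this release moves to for USN-6754-1. It implements dpkg's own version ordering (epoch, upstream, revision, with '~' sorting before anything else) rather than a plain string compare, so it generalizes to any Debian-style version; the sample rows are constructed from this release's package diff.

```python
import itertools
import re

# Constructed sample input: the before/after dpkg -l rows for libnghttp2-14 from this release's package diff.
BEFORE = "ii  libnghttp2-14:amd64  1.43.0-1ubuntu0.1 amd64 library implementing HTTP/2 protocol (shared library)"
AFTER = "ii  libnghttp2-14:amd64  1.43.0-1ubuntu0.2 amd64 library implementing HTTP/2 protocol (shared library)"
# Package -> first build carrying the USN-6754-1 fix (the version the release diff moves to).
FIXED = {"libnghttp2-14": "1.43.0-1ubuntu0.2"}

def _order(c):
    # dpkg ordering of non-digit characters: '~' < end of string < letters < everything else
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, as dpkg does for the upstream and revision parts.
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for x, y in itertools.zip_longest(na, nb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def dpkg_compare(v1, v2):
    """Order two Debian version strings like `dpkg --compare-versions`: returns -1, 0 or 1."""
    def split(v):
        epoch, sep, rest = v.partition(":")          # optional "epoch:" prefix, default 0
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")  # revision follows the last '-'
        return int(epoch), (upstream if sep else rest), (revision if sep else "")
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def installed_versions(dpkg_output):
    """Map package name (architecture qualifier stripped) to version for the 'ii' rows of dpkg -l."""
    rows = [line.split() for line in dpkg_output.splitlines()]
    return {p[1].split(":")[0]: p[2] for p in rows if len(p) >= 3 and p[0] == "ii"}

def unpatched(dpkg_output, fixed=FIXED):
    """Return {package: installed_version} for every package still older than its fixed version."""
    inst = installed_versions(dpkg_output)
    return {p: inst[p] for p, fv in fixed.items() if p in inst and dpkg_compare(inst[p], fv) < 0}
```

Feed it the real `dpkg -l` output of a running container to confirm the stack you deploy actually carries the fixed build.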
```diff
-ii  libnghttp2-14:amd64  1.43.0-1ubuntu0.1 amd64 library implementing HTTP/2 protocol (shared library)
+ii  libnghttp2-14:amd64  1.43.0-1ubuntu0.2 amd64 library implementing HTTP/2 protocol (shared library)
-ii  linux-libc-dev:amd64 5.15.0-102.112    amd64 Linux Kernel Headers for development
+ii  linux-libc-dev:amd64 5.15.0-105.115    amd64 Linux Kernel Headers for development
```
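Review bot: the libnghttp2-14 line moves to 1.43.0-1ubuntu0.2, not to the nghttp2 1.61.0 named in the CVE-2024-28182 text above; the notes should state that this is the Ubuntu package update referenced by USN-6754-1, which addresses the listed CVEs within the 1.43.0 packaging line, so that readers comparing the installed version against 1.61.0 do not conclude the stack is still unpatched. The linux-libc-dev change from 5.15.0-102.112 to 5.15.0-105.115 is not mentioned anywhere in the release notes and should be listed there with the reason for the bump.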