Version in base suite: 1.11.0-1 Base version: ngtcp2_1.11.0-1 Target version: ngtcp2_1.11.0-1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/n/ngtcp2/ngtcp2_1.11.0-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/n/ngtcp2/ngtcp2_1.11.0-1+deb13u1.dsc changelog | 7 +++++++ patches/CVE-2026-40170.patch | 26 ++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 34 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp6c16395s/ngtcp2_1.11.0-1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp6c16395s/ngtcp2_1.11.0-1+deb13u1.dsc: no acceptable signature found diff -Nru ngtcp2-1.11.0/debian/changelog ngtcp2-1.11.0/debian/changelog --- ngtcp2-1.11.0/debian/changelog 2025-03-01 13:51:39.000000000 +0000 +++ ngtcp2-1.11.0/debian/changelog 2026-04-20 02:11:10.000000000 +0000 @@ -1,3 +1,10 @@ +ngtcp2 (1.11.0-1+deb13u1) trixie-security; urgency=medium + + * Team upload + * Backport patch for CVE-2026-40170 (closes: #1134197) + + -- Samuel Henrique Sun, 19 Apr 2026 19:11:10 -0700 + ngtcp2 (1.11.0-1) unstable; urgency=medium [ Matheus Polkorny ] diff -Nru ngtcp2-1.11.0/debian/patches/CVE-2026-40170.patch ngtcp2-1.11.0/debian/patches/CVE-2026-40170.patch --- ngtcp2-1.11.0/debian/patches/CVE-2026-40170.patch 1970-01-01 00:00:00.000000000 +0000 +++ ngtcp2-1.11.0/debian/patches/CVE-2026-40170.patch 2026-04-20 02:11:10.000000000 +0000 
@@ -0,0 +1,26 @@ +From 708a7640c1f48fb8ffb540c4b8ea5b4c1dfb8ee5 Mon Sep 17 00:00:00 2001 +From: Tatsuhiro Tsujikawa +Date: Fri, 10 Apr 2026 00:07:34 +0900 +Subject: [PATCH] Fix qlog parameters_set stack buffer overflow + +Backported-by: Samuel Henrique +Changes: +* Update offset + +--- + lib/ngtcp2_qlog.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/ngtcp2_qlog.c b/lib/ngtcp2_qlog.c +index c0f9207..ae202bb 100644 +--- a/lib/ngtcp2_qlog.c ++++ b/lib/ngtcp2_qlog.c +@@ -935,7 +935,7 @@ void ngtcp2_qlog_pkt_sent_end(ngtcp2_qlog *qlog, const ngtcp2_pkt_hd *hd, + void ngtcp2_qlog_parameters_set_transport_params( + ngtcp2_qlog *qlog, const ngtcp2_transport_params *params, int server, + ngtcp2_qlog_side side) { +- uint8_t buf[1024]; ++ uint8_t buf[2048]; + uint8_t *p = buf; + const ngtcp2_preferred_addr *paddr; + const ngtcp2_sockaddr_in *sa_in; diff -Nru ngtcp2-1.11.0/debian/patches/series ngtcp2-1.11.0/debian/patches/series --- ngtcp2-1.11.0/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 +++ ngtcp2-1.11.0/debian/patches/series 2026-04-20 02:11:10.000000000 +0000 @@ -0,0 +1 @@ +CVE-2026-40170.patch
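Review bot: The new size in `uint8_t buf[2048]` (lib/ngtcp2_qlog.c hunk, `ngtcp2_qlog_parameters_set_transport_params`) is not justified anywhere in the visible lines. The patch subject calls this a stack buffer overflow, yet the change only doubles a fixed-size stack array, and the context shows `uint8_t *p = buf;` with no indication of how writes through `p` are bounded. Please confirm against the rest of the function in this 1.11.0 tree that 2048 covers the worst-case serialized transport parameters, since the backport note says only that the offset was updated. Recording that derivation in the patch header would help, so that a later change to what the function writes is re-checked against the buffer size. The header would also be easier to audit with an explicit Origin line naming upstream commit 708a7640c1f48fb8ffb540c4b8ea5b4c1dfb8ee5 and a reference to bug #1134197 from the changelog entry.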