Gentoo Linux Security Advisory 201612-6 – Nghttp2 is vulnerable to a heap-use-after-free flaw in idle stream handling code. Versions less than 1.6.0 are affected.