This update for nghttp2 fixes the following issues:
Security issues fixed:
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358).
CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184).
CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146182).
CVE-2018-1000168: Fixed ALTSVC frame client side denial of service (bsc#1088639).
CVE-2016-1544: Fixed out of memory due to unlimited incoming HTTP header fields (bsc#966514).
Bug fixes and enhancements:
Packages must not mark license files as %doc (bsc#1082318)
Typo in description of libnghttp2_asio1 (bsc#962914)