There are packages that fix some apache2 and nghttp2 CVEs in the security team PPA here:
If you are running http2 in your environment, please help test them as they update mod_http2 to a whole new version in order to fix the security issues, and I’d appreciate them getting some further testing before they are released.
Please comment with results below. Thanks!