Back to netty-3.9 PTS page

Accepted netty-3.9 3.9.0.Final-1+deb8u1 (source all) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted netty-3.9 3.9.0.Final-1+deb8u1 (source all) into oldoldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 19 Feb 2020 17:40:21 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1j4TKf-0005VO-7s@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Feb 2020 17:46:53 +0100
Source: netty-3.9
Binary: libnetty-3.9-java
Architecture: source all
Version: 3.9.0.Final-1+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Hilko Bengen <bengen@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 libnetty-3.9-java - Java NIO client/server socket framework
Changes:
 netty-3.9 (3.9.0.Final-1+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Security Team.
   * CVE-2014-0193: WebSocket08FrameDecoder allows remote attackers to
     cause a denial of service (memory consumption) via a
     TextWebSocketFrame followed by a long stream of
     ContinuationWebSocketFrames.
   * CVE-2014-3488: The SslHandler allows remote attackers to cause a
     denial of service (infinite loop and CPU consumption) via a
     crafted SSLv2Hello message.
   * CVE-2019-16869: Correctly handle whitespaces in HTTP header names
     as defined by RFC7230#section-3.2.4.
   * CVE-2019-20444: HttpObjectDecoder.java allows an HTTP header that
     lacks a colon, which might be interpreted as a separate header
     with an incorrect syntax, or might be interpreted as an "invalid
     fold."
   * CVE-2019-20445: HttpObjectDecoder.java allows a Content-Length
     header to be accompanied by a second Content-Length header, or by
     a Transfer-Encoding header.
   * CVE-2020-7238: Netty allows HTTP Request Smuggling because it
     mishandles Transfer-Encoding whitespace (such as a
     [space]Transfer-Encoding:chunked line) and a later Content-Length
     header.
Checksums-Sha1:
 d245c117e5276871ed6d271edb4adebb041960a9 1649 netty-3.9_3.9.0.Final-1+deb8u1.dsc
 95ede2260e8cc2c4d0555b41d87109157f5bbe19 700897 netty-3.9_3.9.0.Final.orig.tar.gz
 5f305061146458fedb656bf6466a6c6c4036f466 12588 netty-3.9_3.9.0.Final-1+deb8u1.debian.tar.xz
 137ed48fc3364aee146579821fc47d07480e563d 1065626 libnetty-3.9-java_3.9.0.Final-1+deb8u1_all.deb
Checksums-Sha256:
 f9b72b05a3520b71c221b2da56a7a989a10add963b81a35d93bb9cde5f07a741 1649 netty-3.9_3.9.0.Final-1+deb8u1.dsc
 7243603e654fc8d5b81a74fb63b0715450a8449b8923caecae1cc74521628d67 700897 netty-3.9_3.9.0.Final.orig.tar.gz
 7b8ca048c5d185353f80f6f8d29adba8cded1a0b52ec92017a8e3c3983778609 12588 netty-3.9_3.9.0.Final-1+deb8u1.debian.tar.xz
 fd43e4bee5883c3e63f5fbf72e5bf2e82e292c75a065dea717b1c0cc95cfeb94 1065626 libnetty-3.9-java_3.9.0.Final-1+deb8u1_all.deb
Files:
 a2ed74fe01c74b1a81f27b4d03cca194 1649 java optional netty-3.9_3.9.0.Final-1+deb8u1.dsc
 dd6a7cac89bd6f6a7ffc36a46ccd9799 700897 java optional netty-3.9_3.9.0.Final.orig.tar.gz
 e42fa24fd42805f6776f8c107c78f7ec 12588 java optional netty-3.9_3.9.0.Final-1+deb8u1.debian.tar.xz
 84dd969691dc144ac414f671195f136b 1065626 java optional libnetty-3.9-java_3.9.0.Final-1+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl5NbjQACgkQj/HLbo2J
BZ8CFAf9EMY4HLEhfOayfdxfANrdI3IDcyyXbQrgPeQ7vxv+KmonLrLsm9MxAGsJ
/SGeFSR4nNJsb87QlBmDhWkkwDjkLJr5nhBPjSkDRDkTR96EPydRxn/ySRtdwXgH
n8cl0PDIKWL1SB5s/5oIHKkYioLYgskGNZzAj4dQjxBwmGi6GdNbGb+C36QGH28Y
HEWLdWb1uApDIx/Yyt2kztzQwl19puQYNBbMCfqS0FzJGCQEVKor7C+KEvRX5bh8
T8NiimVMX4pnJSN7wRGDgwq0ZZidHW+jMvqrfwjd+cMZDfE6XC9VCiDQngR4O/30
dIzgkU1kenBll17RiPIxEcskDb/0JA==
=WhYR
-----END PGP SIGNATURE-----