Back to netty PTS page

Accepted netty 1:4.1.48-2 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted netty 1:4.1.48-2 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 14 Feb 2021 23:48:48 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1lBR8C-000Bqc-L0@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Feb 2021 00:17:55 +0100
Source: netty
Architecture: source
Version: 1:4.1.48-2
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 982580
Changes:
 netty (1:4.1.48-2) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-21290:
     In Netty there is a vulnerability on Unix-like systems involving an
     insecure temp file. When netty's multipart decoders are used local
     information disclosure can occur via the local system temporary directory
     if temporary storing uploads on the disk is enabled. On unix-like systems,
     the temporary directory is shared between all user. As such, writing to
     this directory using APIs that do not explicitly set the file/directory
     permissions can lead to information disclosure. Thanks to Salvatore
     Bonaccorso for the report. (Closes: #982580)
   * Switch to debhelper-compat = 13.
   * Declare compliance with Debian Policy 4.5.1.
Checksums-Sha1:
 0d358e7205ceb98aa6f17dc2a034f441a7d1c727 2590 netty_4.1.48-2.dsc
 b3c7e8d3f954db370fdb2213478bfd71dd867480 17596 netty_4.1.48-2.debian.tar.xz
 02a55779d6c9192c8ec894f97987071a5587a97b 14176 netty_4.1.48-2_amd64.buildinfo
Checksums-Sha256:
 1e8cb456ce087f00cfaf43dee1960b96165b6d54b5bacd0bf708d1c34e52e4cb 2590 netty_4.1.48-2.dsc
 e8e297b7e75212e43a50703fb22fd5ab2f0de54c92a480764cc3683ef4cfe382 17596 netty_4.1.48-2.debian.tar.xz
 35cd9c1dffd4c7d3af591ea7f331f9a8fc5f58573cc15b342acb4c5002ada1dd 14176 netty_4.1.48-2_amd64.buildinfo
Files:
 0aa4762fd992c812a1d184abccea1114 2590 java optional netty_4.1.48-2.dsc
 8a9734f1da3fa39d97b663922695a253 17596 java optional netty_4.1.48-2.debian.tar.xz
 ce655841124604bec03b849de2230709 14176 java optional netty_4.1.48-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmApsiZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk6zgP/iQPMZeCagAE1cXb1u4LCiaKW97aS2M0j39w
xuAE7CLIH6Sep0deFwjlmP/ze6E0WVkJi4KV9Qt5coIIPeDlw+GVG1m9rQHqrb8C
wSNiMLyE2rxYcGalzaOs84jITtu9Wc/85MG/yAagKIsudbGMjLDNSA51j9Qee/vY
lcYQtwlj/QYOBnkTYliBdD3z4u7K/bENW9nC1rkNJ5x2s5OiQCwdt5LRKiEW3zN+
leAfBMtyS+5Ciy3GN3wAQzrCteGYVsBMYga6SepcSzq64EiccxoAfN4ywD+/JdC6
tj0t1vaCUUYReu/+iYbA11UDbeN3ZMm/xct1noprYEZalgy0U2Dw8ZoX41x5L5g6
zjM+XbZBcqcdfvbEgf7BIKVNWOABxjimtoOTcQSBQGWh6LbLbsBrfvfG0xHZWPBV
mmjf4SPLjf4n0Ut8HpvX6ygOosM/K2HDX6QGlbDzEidZXdhImKcC8UEYaTGLNFH/
S934BdD+QlHm1S+ngu2vSSUtQtQP7LaKUA3T7MGlCSLnG8xIDAe1ZS/+gGjzuTU1
rltubtZsatPrtvxOdOdgoU38SoFuDu3QqgEOTz5ufSHmvmK/iyTOFOlKKXi6L5W6
wJpkwfIDY/YQDxR+lm6NeJqzHyfUeKc7CpwEu2k63qdI9JnIuMqTTjGkWDJ1Ucb9
7Yf2pDWT
=lHMi
-----END PGP SIGNATURE-----