Accepted netty 1:4.1.48-4 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 31 Mar 2021 22:01:52 -0700
Source: netty
Architecture: source
Version: 1:4.1.48-4
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: tony mancill <tmancill@debian.org>
Closes: 986217
Changes:
netty (1:4.1.48-4) unstable; urgency=high
.
* Team upload.
* Fix CVE-2021-21409 (Closes: #986217)
Address a vulnerability that enables request smuggling. The content-length
header is not correctly validated if the request only uses a single
Http2HeaderFrame with the endStream set to true. This could lead to request
smuggling if the request is proxied to a remote peer and translated to
HTTP/1.1. This is a followup to CVE-2021-21295 to address this case.
Checksums-Sha1:
aa383b5a6a230030c16e1576cec8cd629a434f7b 2468 netty_4.1.48-4.dsc
32db8bb32ca68edb866a8bf06c3bca763b44cd3b 24196 netty_4.1.48-4.debian.tar.xz
5daa534e35606b68366c04ac2daf57ceb6dda9d3 14197 netty_4.1.48-4_amd64.buildinfo
Checksums-Sha256:
d4a9ff93064e5c80936ea85b4ccc96cdc7873612505cbfc199ad7d1c8c7c48ed 2468 netty_4.1.48-4.dsc
b0e09c1c1c3ad3d81d695facf6a26bac37f1ce43cd84dc41a07b93776bd5ae2e 24196 netty_4.1.48-4.debian.tar.xz
49c78b6a7536d5e006482c3c6e2ae2a8b01164e6cd7cc60d87a2d2f62c81c364 14197 netty_4.1.48-4_amd64.buildinfo
Files:
070ad62dcccc1be6401079737faeb8e2 2468 java optional netty_4.1.48-4.dsc
d1419390535f79c5c6e9a0ba8b7bf08f 24196 java optional netty_4.1.48-4.debian.tar.xz
98d02a23b70f441b5cdfda6f09cc2ed7 14197 java optional netty_4.1.48-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmBlXbQUHHRtYW5jaWxs
QGRlYmlhbi5vcmcACgkQIdIFiZdLPpaNKhAAjH1M4AIni78/kARrKpXluJdnuxFE
+9/kmvNFhGDJiCrO2+3c+289Fh9MTkjkPfEeLOW6bTvfXRjgVnpf13fjH6yIN8e6
TEHHNMlrAkeFqNPyiFzP7TlxUe5a7epgY3ZhC8Pn0+5T09c1fAvt7q+DLJ8K2mub
Qz1MKejinAKPkDtWSmHwyJKT5pBFx825xde9mcUuprpNBdV8UVKXclfMjfJpJtLK
6oKlZjwtAC7cY/E8XDiB93xSd0Q6Z0UfCvIwl1kNGW6M4n8uueiUWYSDgw/oT9Yj
yXLrJhkg2SyZhUqXb5mRQgVN9EBp8K7TUOJ88KcZbi33GyCFsd+E71ISQVDGthV0
EJ2Pt/W3X19blc/uyStAI5mKZ4y/hxUNFU6GQ17h8YtEGDeGmFaZUx3j2ctaxbQD
bUVVJM9MD6Yo9pbvxqJLbniRg39XP/hrQyiqw1nX94FAMFhAn5tu6D3Qo+b8GjxA
Lib/X+QdfiXR+tgxD/o8azPcwB5y568kjf8FAGBPYD2K/v84dq2k7r8pIw1dzYkC
9wSjDEjP8bvULeCDDDMfl35suPxMbccy+CcktveMk1GZxFq1xqWNaTVVCM2FH0sb
kU5bjBt4d+9J8L3G+W5TwoLm8vJYoHEOJL5EIelZAwusf909I6QwiFyb6rcbbiwA
qD00Y5hNAbrfAHQ=
=mPKl
-----END PGP SIGNATURE-----