Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted netty 1:4.1.7-2+deb9u2 (source) into oldstable
Date: Fri, 04 Sep 2020 18:00:13 +0000
Signed by: Roberto C. Sanchez <roberto@familiasanchez.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Aug 2020 16:17:17 -0400
Source: netty
Binary: libnetty-java
Architecture: source
Version: 1:4.1.7-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 libnetty-java - Java NIO client/server socket framework
Closes: 950966 950967
Changes:
 netty (1:4.1.7-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Detect missing colon when parsing http headers with no value
     (CVE-2019-20444) (Closes: #950966)
   * Correctly handle Content-Length header that is accompanied by a second
     Content-Length header, or by a Transfer-Encoding header, by removing the
     extra Content-Length header. (CVE-2019-20445) (Closes: #950967)
   * Prevent denial of service resulting from unbounded memory allocation while
     decoding a ZlibEncoded byte stream, whereby an attacker could send a large
     ZlibEncoded byte stream to the Netty server, forcing the server to allocate
     all of its free memory to a single decoder. (CVE-2020-11612)
Checksums-Sha1:
 66ac5668769a447fc2ecc1f7e6f0082088aaba0c 2554 netty_4.1.7-2+deb9u2.dsc
 732da61cf7f83169768e5c3c8c9598e0e6588d1b 17268 netty_4.1.7-2+deb9u2.debian.tar.xz
 10a78209f8ded834a738ff10850c240c55744f10 16340 netty_4.1.7-2+deb9u2_amd64.buildinfo
Checksums-Sha256:
 e5849d550f8d803173a7d975d097d349a854eaf34666c8f686af957622e3fb24 2554 netty_4.1.7-2+deb9u2.dsc
 42f114c353562315a5f6b48bc7db086edfa2e0def5676f0736baf5c80e4ca43b 17268 netty_4.1.7-2+deb9u2.debian.tar.xz
 4dd267f783f11db6285163770d9f9388593b9439d49829435a20f51305a61ba1 16340 netty_4.1.7-2+deb9u2_amd64.buildinfo
Files:
 19a35632ee8b603869b71e436bd7055f 2554 java optional netty_4.1.7-2+deb9u2.dsc
 39f336f37a3482c0e5cc02284bb1c60f 17268 java optional netty_4.1.7-2+deb9u2.debian.tar.xz
 17d2e0a20200dd8be9acd80c5666dc40 16340 java optional netty_4.1.7-2+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl9SfnIACgkQLNd4Xt2n
sg+p/A/9EdwfxbBHb0i6ytMVaI/sSFYoStQ6QpYKrpCzu1BwyehG0c+02kjaB0w7
X1sFTTrqImW2VahEMK4gu69uC69KD38qFkDq5gsvXiIKFcW9E2LsprFH8CFYsxaX
lfIYfDXlwk3zXQzNr1jZ/G5JbUjV+RoTafYMPOe0+sR0i3T89F1tV5kgUWrSQdkj
oHBQycsqro5qA8kl4bO1qhqw3mKvJNQZ6VOzSAiYgC1U1LR8g0u0F2IlG1dSChjm
pMaboXyM0cpsA/KArlmnUhfoxbohXO8uScdzY9O6AWj/3NWZmA9kLI729sltL9+y
861aWZZk6AV2aubUanvtE9XwJeIFFI7oFezn2a6vpAataqXHH95A6rASySYiQo6r
8+Y0npTWW7awWlMjmTTv1cEyBtM0ODPxwBMhcAW0sMnkJeW1xKbrKWdtRSORKdUI
q04g4gLqGX1mtulblgigcYiex6n7H3lKPlcrx6LOFhZ53FxdD/JoH0cH+soVJhgZ
uwPq3MC0bFU9/rtNmbW6RtrXAIWUDOE3Ur3P+PLpS5fSV0DppFWXKuXMesE/Vown
2qR1puq6qf9kegpWM/Ou3QID067IxMWrddeuouJUD9Us/CCeiklTl8CL1xb/VMVM
7TbPD/TrvxjRp6EFHm069bi7MQeIeA5GR+sJ1FRRkCP5rW4poZc=
=QS9F
-----END PGP SIGNATURE-----

News for package netty