-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 15 Feb 2021 00:17:55 +0100 Source: netty Architecture: source Version: 1:4.1.48-2 Distribution: unstable Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Closes: 982580 Changes: netty (1:4.1.48-2) unstable; urgency=high . * Team upload. * Fix CVE-2021-21290: In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Thanks to Salvatore Bonaccorso for the report. (Closes: #982580) * Switch to debhelper-compat = 13. * Declare compliance with Debian Policy 4.5.1. Checksums-Sha1: 0d358e7205ceb98aa6f17dc2a034f441a7d1c727 2590 netty_4.1.48-2.dsc b3c7e8d3f954db370fdb2213478bfd71dd867480 17596 netty_4.1.48-2.debian.tar.xz 02a55779d6c9192c8ec894f97987071a5587a97b 14176 netty_4.1.48-2_amd64.buildinfo Checksums-Sha256: 1e8cb456ce087f00cfaf43dee1960b96165b6d54b5bacd0bf708d1c34e52e4cb 2590 netty_4.1.48-2.dsc e8e297b7e75212e43a50703fb22fd5ab2f0de54c92a480764cc3683ef4cfe382 17596 netty_4.1.48-2.debian.tar.xz 35cd9c1dffd4c7d3af591ea7f331f9a8fc5f58573cc15b342acb4c5002ada1dd 14176 netty_4.1.48-2_amd64.buildinfo Files: 0aa4762fd992c812a1d184abccea1114 2590 java optional netty_4.1.48-2.dsc 8a9734f1da3fa39d97b663922695a253 17596 java optional netty_4.1.48-2.debian.tar.xz ce655841124604bec03b849de2230709 14176 java optional netty_4.1.48-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmApsiZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk6zgP/iQPMZeCagAE1cXb1u4LCiaKW97aS2M0j39w xuAE7CLIH6Sep0deFwjlmP/ze6E0WVkJi4KV9Qt5coIIPeDlw+GVG1m9rQHqrb8C wSNiMLyE2rxYcGalzaOs84jITtu9Wc/85MG/yAagKIsudbGMjLDNSA51j9Qee/vY lcYQtwlj/QYOBnkTYliBdD3z4u7K/bENW9nC1rkNJ5x2s5OiQCwdt5LRKiEW3zN+ leAfBMtyS+5Ciy3GN3wAQzrCteGYVsBMYga6SepcSzq64EiccxoAfN4ywD+/JdC6 tj0t1vaCUUYReu/+iYbA11UDbeN3ZMm/xct1noprYEZalgy0U2Dw8ZoX41x5L5g6 zjM+XbZBcqcdfvbEgf7BIKVNWOABxjimtoOTcQSBQGWh6LbLbsBrfvfG0xHZWPBV mmjf4SPLjf4n0Ut8HpvX6ygOosM/K2HDX6QGlbDzEidZXdhImKcC8UEYaTGLNFH/ S934BdD+QlHm1S+ngu2vSSUtQtQP7LaKUA3T7MGlCSLnG8xIDAe1ZS/+gGjzuTU1 rltubtZsatPrtvxOdOdgoU38SoFuDu3QqgEOTz5ufSHmvmK/iyTOFOlKKXi6L5W6 wJpkwfIDY/YQDxR+lm6NeJqzHyfUeKc7CpwEu2k63qdI9JnIuMqTTjGkWDJ1Ucb9 7Yf2pDWT =lHMi -----END PGP SIGNATURE-----
