Format: 1.8
Date: Fri, 26 Mar 2021 13:37:15 +0100
Source: netty
Architecture: source
Version: 1:4.1.48-3
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 984948
Changes:
 netty (1:4.1.48-3) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-21295: There is a vulnerability that enables request
     smuggling. If a Content-Length header is present in the original
     HTTP/2 request, the field is not validated by `Http2MultiplexHandler`
     as it is propagated up. This is fine as long as the request is not
     proxied through as HTTP/1.1. If the request comes in as an HTTP/2
     stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`,
     `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then
     sent up to the child channel's pipeline and proxied through a remote
     peer as HTTP/1.1 this may result in request smuggling.
     (Closes: #984948)
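
The check whose absence CVE-2021-21295 describes, as an added example (a stand-alone model, not Netty's code and not the Debian patch): RFC 7540 section 8.1.2.6 treats an HTTP/2 message as malformed when content-length differs from the sum of the DATA frame payload lengths, so such a stream is rejected before it is converted to HTTP/1.1. The `Headers` and `Data` classes, the function names and the sample streams are assumptions made for the illustration.

```python
from dataclasses import dataclass

class MalformedStream(Exception):
    """The stream must be reset instead of being translated to HTTP/1.1."""

@dataclass
class Headers:  # hypothetical frame model, not Netty's Http2HeadersFrame
    fields: list  # (name, value) pairs; HTTP/2 field names are lower-case
    end_stream: bool = False

@dataclass
class Data:  # hypothetical frame model, not Netty's Http2DataFrame
    payload: bytes
    end_stream: bool = False

def declared_length(fields):
    """Return the declared content-length, or None when the field is absent."""
    values = {v.strip() for n, v in fields if n == "content-length"}
    if not values:
        return None
    if len(values) > 1:
        raise MalformedStream("conflicting content-length values")
    value = values.pop()
    if not (value.isascii() and value.isdigit()):
        raise MalformedStream("content-length is not a non-negative integer")
    return int(value)

def validate_stream(frames):
    """Return the body length of one request stream or raise MalformedStream."""
    expected, seen, got_headers = None, 0, False
    for frame in frames:
        if isinstance(frame, Headers):
            if not got_headers:  # first HEADERS frame only; trailers are ignored
                expected, got_headers = declared_length(frame.fields), True
        else:
            seen += len(frame.payload)
            # Fail as soon as the body overruns, before more is forwarded.
            if expected is not None and seen > expected:
                raise MalformedStream(f"body exceeds content-length {expected}")
        if frame.end_stream and expected is not None and seen != expected:
            raise MalformedStream(f"body {seen} != content-length {expected}")
    return seen

# Constructed sample streams, not captured traffic.
CONSISTENT = [Headers([(":method", "POST"), ("content-length", "5")]), Data(b"hello", True)]
MISMATCHED = [Headers([(":method", "POST"), ("content-length", "0")]), Data(b"extra", True)]
```

A proxy that forwards as HTTP/1.1 would run a check of this kind per stream and reset the stream on `MalformedStream` rather than pass the header through.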