-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 11 Jan 2023 22:51:42 CET Source: netty Architecture: source Version: 1:4.1.33-1+deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 3198bf9ea642933f2ba55200b3b4c5f1558bb055 2617 netty_4.1.33-1+deb10u3.dsc b62077488aa3e1c239d42091fd4ca3e0bc89be76 34008 netty_4.1.33-1+deb10u3.debian.tar.xz fcc34d492b36e285ee440536c4d2e0b90f680cee 14475 netty_4.1.33-1+deb10u3_amd64.buildinfo Checksums-Sha256: 60b345292371d8eed616aef4eb032979913f6928562231bc7317d509d072fef2 2617 netty_4.1.33-1+deb10u3.dsc ca500c0246db8ee2916e66e93f102ca1f0d0d2063e1ee05559f7a5f185947762 34008 netty_4.1.33-1+deb10u3.debian.tar.xz 8b506366352214deffc716d26d9241ee1b467483564dfc41c69d42852d48a636 14475 netty_4.1.33-1+deb10u3_amd64.buildinfo Changes: netty (1:4.1.33-1+deb10u3) buster-security; urgency=high . * Team upload. * Fix CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881 and CVE-2022-41915. Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy. Files: e539e12b7e2a2187eec924d115d34b61 2617 java optional netty_4.1.33-1+deb10u3.dsc 83905182531e52fcc617a8627bc96fd5 34008 java optional netty_4.1.33-1+deb10u3.debian.tar.xz 174d18cce4bc4a64318099af318a7975 14475 java optional netty_4.1.33-1+deb10u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmO/L3VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkmVUQAKa//Yl6+Xj8Et8QzZFjw28nU+7I31KdMh9K qQkTEHpKv76cucaTZAGtG/QjMJ3p09kgh786NXn/p1Lp4g85XbReVvYLDN7qtpMb DFzKhs2qNvWOtsL8skBdWVP6zap5AWFckopx4Vj0TKsCPecatKXBdh/54MLzxuGH 70n10xhjyroxvgYPNQnXAj0pVrGEYGOjkIfDXAt4cfe8VoZANNZrxQHyRK/A8lnj 1EbIIJPeFrh2DGEn7O/K4mOy+CWWIsaGNaxz7wYLFLfDwelQBLZgzLTG8Ta+3sQg EP3Cd1nae67xVNpFvk7QP0up1SHUJc4EEOWDUnX4ucO7jlv/vUs7vQIXBhoPbdmW b9tRczbaNj28Nmsfj3c9U1n8hn0N1PCckt708ky93dPiM6mkNvSJF5V8k+FgIWP4 XQdPYaFBGDIdaPewtMpKZdSf/DlzAuim/C2hIcX4RwMipgdkxwFzy4z8nVAHmpAW LkxEl6o0RM0tWtG/O4Rac0Oss7R/lOsusy0WIxVgKYvz/ykAhkjieKXo5rb0l+rz 9EY28+Is3q+nbyGZ0miAFlZyLWykQiqUKTkyKf4ni6dnHaN2yeda0yacNE5QMK8g s4weioVwGvm/K4dyvdDhG26sVh5X7pMcSrM/s5l8mQMHCQd+FJ23Qva4RlpafdmG fayDltBS =hfIq -----END PGP SIGNATURE-----