-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 11 Jan 2023 21:00:08 CET Source: netty Architecture: source Version: 1:4.1.48-4+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 00616bfdebb1cd348d75a16f0a63ab82d4e784e4 2622 netty_4.1.48-4+deb11u1.dsc 022ad0c0c76dd4ba14b1e44d11cf0b99f0feeb2b 1665244 netty_4.1.48.orig.tar.xz ede1620eea8c78a7d240fa3882b99e55597efd61 33004 netty_4.1.48-4+deb11u1.debian.tar.xz cb9ef460ab8870f322e3bce707a1924250c23b86 14818 netty_4.1.48-4+deb11u1_amd64.buildinfo Checksums-Sha256: ddfca8c380aa2425ad7fc481a1615c74d486bd32d20154546635c5777bb423a8 2622 netty_4.1.48-4+deb11u1.dsc e5351d821f461f64af58e89f260ad8943b0ab75f26c1a845300a91f22a711600 1665244 netty_4.1.48.orig.tar.xz ec72fd97859516bf7508aa93d7704c5729d9a927c95c983a8e7f0e15220ed228 33004 netty_4.1.48-4+deb11u1.debian.tar.xz 2b5cb8d00143ab0a2946f2cb6ae5d7cb6fad3b424507d742079c03be71e75f28 14818 netty_4.1.48-4+deb11u1_amd64.buildinfo Closes: 1001437 1014769 1027180 Changes: netty (1:4.1.48-4+deb11u1) bullseye-security; urgency=high . * Team upload. * Fix CVE-2021-37136, CVE-2021-37137, CVE-2021-43797, CVE-2022-41881, and CVE-2022-41915. Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty which may allow attackers to cause a denial of service or bypass restrictions when used as a proxy. (Closes: #1027180, #1014769, #1001437) Files: 61b21ae0b382ebc85d4b8a8e773972cc 2622 java optional netty_4.1.48-4+deb11u1.dsc ebc25581b3e2b6e1bb47200ba260a636 1665244 java optional netty_4.1.48.orig.tar.xz 4cfe6ef845de3b737f62a77fda3bb625 33004 java optional netty_4.1.48-4+deb11u1.debian.tar.xz 68ee933cf784189c4b5d18fecbd62268 14818 java optional netty_4.1.48-4+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmO/FUtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkNiQP/1H2TX19XlWtUkSMeOhVPJ35dRf2s4HADn3a O/UnYsql2m88cyqAb7vjZKdRG1K/aP2zFH6P3erv9IScUc4YjWQNwV7z6tJX4Ruo r5AFoVDfDhWxkdJK296/k7/iskLnevK/PPykR3U8iYP4CGC5VXWSpe3NMQ13Utjv eLoLx6JRf5UzRg2FyB7Eezn88GL/Tnt6OmuNnF6s+37HfszWoNJqCORgQ4bBlPNK TvNCj+RIMxBgnmKpbk2Dl9PEXI7O3RT4LjubNbf4YVrT9cO6DU+wflntfAeLNKLu Q2CXt9YJgk5EBO0FMGph0bHrnibYVufo/4aBLm7j2oQaVWgSmMbiq7Mu3luXuVZO 0XOldF9FCQQsyI1XD3yyGBNLGSDGSeN/hmnAAf5lafjL2U7Gkt1fcSC8GJ1+nJBX 6p+zqGwoQIg4mUn9D1bKx/YfFv20zlsyHP1foCr2AivPDlnMRgWyTUACO5N5ER6y guJA8bEq7es+4m1nHVB5fu6BsgLggHC5TcxY6Tq/IN6YoXfc08J1zXPO0mJp9bGB +iEJs/gymorNR77e/lBH8aHHiJSHQzZT034VREL5qbtPeGdAD2VTeuJSZ0KdfGeo VwTR4YqGhoH2pE+QOENApm5G5HEoJsHlcFwigqhk5WzK4z+zA3RZSqp/g786sIGy D4N8qlTg =3XdI -----END PGP SIGNATURE-----