-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 18 Nov 2023 16:09:25 CET Source: netty Architecture: source Version: 1:4.1.48-4+deb11u2 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: d2c651c3cc29e98665bb27dbfd1b67db88d52d70 2622 netty_4.1.48-4+deb11u2.dsc b01b05f9fca5c4ee80b0c0c4ee75475a0ebce908 37064 netty_4.1.48-4+deb11u2.debian.tar.xz 3ad5e636e0894f8306a1442961f0efb0a94d5c7d 14954 netty_4.1.48-4+deb11u2_amd64.buildinfo Checksums-Sha256: a605b017f053f165a59fb4555c57ac2d8ce6b3d1b6162928f00f92bf7abbd22d 2622 netty_4.1.48-4+deb11u2.dsc da70b5249e2fb8bb9ddfc67ebfd66d7b22cd75f167a57dabe61566c7214febe9 37064 netty_4.1.48-4+deb11u2.debian.tar.xz a94eb32aa83c00f6296600258db21e3b47519667f130c45ea8464e1b20c69909 14954 netty_4.1.48-4+deb11u2_amd64.buildinfo Closes: 1038947 1054234 Changes: netty (1:4.1.48-4+deb11u2) bullseye-security; urgency=high . * Team upload. * Fix CVE-2023-34462: (Closes: #1038947) Guard against high memory usage when parsing ClientHello messages. * Fix CVE-2023-44487: (Closes: #1054234) The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly. * Add 21-java-17.patch to fix a FTBFS with newer OpenJDK versions. Files: 291c38ddf1aa2459863fa5daaacb7da1 2622 java optional netty_4.1.48-4+deb11u2.dsc 23dea7306330e74f926abc69fbc8315c 37064 java optional netty_4.1.48-4+deb11u2.debian.tar.xz d7c918222f63d325835b6953d8c19879 14954 java optional netty_4.1.48-4+deb11u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY06lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk8WUP+gO+KsnbE6VRNVNVZB2FJRHxsESx141uqJLs 31ag8bsmsnDIozT7BOGjEkUUeQvHcfI9x6TZHpYWI6K0aF+J1p8R+gJwQ2mw2OaB tkmLeQrcVO+hWwNE39jYW93q2v6wxaRnh7dGXx5SsTwnx/AQ7Z11TrtYowY4h8ty 8cKwpdpy0EKQ56zFomHIS+ywws5vDVQxh8cyr7UUlQjc1RD6ON9Zt0IKynZ2Jm6/ b2sbJCHUFfkUC0kAEdkpYHTF9WYSbhtWcc+xNyxLh91RVq9xT7eSVv/ViYX345H+ L/qlPOL3494e0IiFMdE3pmkageyvCPDYc/rDF+++XVzseeBPKsvZ0sHzTii3bNHD 8w2kFWjZgGdV5i66Y0/B81i5hZwwxwwhvJlw16QNME9lmoLzRmvroHCYWo/zH1MG 9+r2UlS64WyhQfYCuj8ggW1tgN4sUedKsBX4GyfXNyw1sep7YRYEB0xurRAGO6SU VrVVRhLxpYTE19nmBauiVMiMX1z8n1XW5FIWIe9EK1onfNk1vwCokjVIIfYuGUAK qMTpH7RvUzZbh0//gyeqiJH8cJQIiB5Kfab1ZVv8TsJJyJLZ8HIJzTTB9/7mh2a1 T52TlmkwGeOV8kGGnBkGUoCAnWbdsSmP480G2GxdzjhNh6CwtlBJMLNYw8YxRmE4 MOMc3l98 =GQnK -----END PGP SIGNATURE-----