Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted netty 1:4.1.48-10 (source) into unstable
Date: Sun, 12 May 2024 20:36:47 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 May 2024 21:20:10 +0200
Source: netty
Architecture: source
Version: 1:4.1.48-10
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 1068110
Changes:
 netty (1:4.1.48-10) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2024-29025:
     Julien Viet discovered that Netty, a Java NIO client/server socket
     framework, was vulnerable to allocation of resources without limits or
     throttling due to the accumulation of data in the HttpPostRequestDecoder.
     This would allow an attacker to cause a denial of service.
     Thanks to Salvatore Bonaccorso for the report. (Closes: #1068110)
Checksums-Sha1:
 93f3861280d96cf0d92fbb7b00b7c4022ad0a46e 2573 netty_4.1.48-10.dsc
 e146316f0e3aef11e1e2e31e12332f63257ce280 43116 netty_4.1.48-10.debian.tar.xz
 2c13c8f43e404a0867bcf6405ff8c64eee33e8c4 16247 netty_4.1.48-10_amd64.buildinfo
Checksums-Sha256:
 20405785f7dbf3dfa6acab842843fd11325d070fe7933a31f3c1a5df1b262667 2573 netty_4.1.48-10.dsc
 6db4654cec7819c9584f1aff7a4ba2c3712d20ab6eb8b515695bc5ef6af55b94 43116 netty_4.1.48-10.debian.tar.xz
 3e414bf6b72cba2a90ef9cce9e976b79289f394fb86e176cb835d17ea3c167a0 16247 netty_4.1.48-10_amd64.buildinfo
Files:
 1bbc65fecdf4a69526ff1e14a7f8248f 2573 java optional netty_4.1.48-10.dsc
 e2a38b6bd08265c01a0d610fd497f0bb 43116 java optional netty_4.1.48-10.debian.tar.xz
 44689d3be473f8cea3c1f7567d3115ee 16247 java optional netty_4.1.48-10_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmZBIdhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkB3sQAMzmQwEjy1m+UguK4FtdCgulhpbqA8FdKhEj
7hykv9dmSN0xh6NYae04cqB7TwMymBUNNRKWe37pKnYt0e3Wq30xfMwa4tQ85ucd
KICsesKllcfhY6CPfwaRcyU+qpB/4iin1OsAp6y06sPH0oVFJJd+AEuwTUeBg8Yj
mrkOOdZnx2XpRC79ugHArNPLybWFpe21w12bHyrIDpD6/d9R4NYN/ogqQak2+Or2
AGs6QC26kAEVadpZ2/4p3mTiggSh9uCAhx59ail7RS+oVA7bIT+b5DOlh0MPSCmw
LgA9gV0iWUvFPeTRNeKeMTK7boNDhc/p5DxG22CngLpIiFh3s57s49JE7rFJQa4e
8m8X5sLZuEzJ7fqIfEIPdsJ4oPMqqovsZAg+eIk8GWf3r8GVb3CKdOiIBz/OExLe
q80dc12JB39Rz3ai9WOXXef13SEIGBNDesu2Y4WkuxOBhlYd8jGfAMp3529dYV0U
UmRZNiCk6/IqYeHQlckSlsaQ90LhTVcRTl9/9xzCp4IcyDS5Y3Wn4hxauHOWvB+D
sEcb1FG6aBakmAbMvulMGBckP5gB5rUjEXNVikdALLcGisLZgKi9yTFaF44YY6S6
VIOlMnZ6JF1CFbPzs9Yq5rCRwYKoTT+ufmdtlS0YT/j9M7i2rCMwMDjlu9xwehRe
8Vj5SUcg
=fjYC
-----END PGP SIGNATURE-----

News for package netty