Format: 1.8
Date: Mon, 12 Jan 2026 00:43:40 +0100
Source: netty
Binary: libnetty-buffer-java libnetty-common-java libnetty-java
Architecture: source all
Version: 1:4.1.48-15
Distribution: experimental
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 libnetty-buffer-java - Java NIO client/server socket framework
 libnetty-common-java - Java NIO client/server socket framework
 libnetty-java - Java NIO client/server socket framework
Closes: 1123606
Changes:
 netty (1:4.1.48-15) experimental; urgency=medium
 .
   * Team upload
   * Split package for preparing upgrade
   * Fix CVE-2025-67735 (Closes: #1123606)
     `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection
     with the request URI when constructing a request. This leads to
     request smuggling when `HttpRequestEncoder` is used without proper
     sanitization of the URI.
     Any application / framework using `HttpRequestEncoder` can be subject
     to be abused to perform request smuggling using CRLF injection