Debian Package Tracker
Register | Log in
Subscribe

netty

Java NIO client/server socket framework

Choose email to subscribe with

general
  • source: netty (main)
  • version: 1:4.1.48-1
  • maintainer: Debian Java Maintainers (archive) (DMD)
  • uploaders: Kyo Lee [DMD] – Chris Grzegorczyk [DMD] – Graziano Obertelli [DMD]
  • arch: all
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1:3.2.6.Final-2
  • o-o-sec: 1:3.2.6.Final-2+deb8u2
  • oldstable: 1:4.1.7-2+deb9u1
  • old-sec: 1:4.1.7-2+deb9u2
  • stable: 1:4.1.33-1+deb10u1
  • stable-sec: 1:4.1.33-1+deb10u1
  • testing: 1:4.1.48-1
  • unstable: 1:4.1.48-1
versioned links
  • 1:3.2.6.Final-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:3.2.6.Final-2+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:4.1.7-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:4.1.7-2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:4.1.33-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:4.1.48-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libnetty-java (1 bugs: 0, 1, 0, 0)
action needed
A new upstream version is available: 4.1.56 high
A new upstream version 4.1.56 is available, you should consider packaging it.
Created: 2020-06-29 Last update: 2021-01-16 01:07
4 security issues in buster high
There are 4 open security issues in buster.
4 important issues:
  • CVE-2019-20444: HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
  • CVE-2019-20445: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
  • CVE-2020-11612: The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
  • CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Please fix them.
Created: 2020-01-30 Last update: 2020-09-04 22:05
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2020-11-17 05:41
news
[rss feed]
  • [2020-09-04] Accepted netty 1:4.1.7-2+deb9u2 (source) into oldstable (Roberto C. Sanchez)
  • [2020-04-11] netty 1:4.1.48-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-05] Accepted netty 1:4.1.48-1 (source) into unstable (Emmanuel Bourg)
  • [2020-03-26] netty 1:4.1.45-2 MIGRATED to testing (Debian testing watch)
  • [2020-03-21] Accepted netty 1:4.1.45-2 (source) into unstable (Sudip Mukherjee) (signed by: tony mancill)
  • [2020-03-01] netty 1:4.1.45-1 MIGRATED to testing (Debian testing watch)
  • [2020-02-24] Accepted netty 1:4.1.45-1 (source) into unstable (Emmanuel Bourg)
  • [2020-02-19] Accepted netty 1:3.2.6.Final-2+deb8u2 (source all) into oldoldstable (Sylvain Beucler)
  • [2020-01-14] netty 1:4.1.33-3 MIGRATED to testing (Debian testing watch)
  • [2020-01-09] Accepted netty 1:4.1.33-3 (source) into unstable (tony mancill)
  • [2020-01-08] Accepted netty 1:4.1.7-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
  • [2020-01-06] Accepted netty 1:4.1.33-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
  • [2020-01-05] netty 1:4.1.33-2 MIGRATED to testing (Debian testing watch)
  • [2020-01-03] Accepted netty 1:4.1.33-1+deb10u1 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
  • [2020-01-03] Accepted netty 1:4.1.7-2+deb9u1 (source) into oldstable->embargoed, oldstable (Salvatore Bonaccorso)
  • [2020-01-03] Accepted netty 1:4.1.33-2 (source) into unstable (Salvatore Bonaccorso) (signed by: tony mancill)
  • [2019-09-30] Accepted netty 1:3.2.6.Final-2+deb8u1 (source all) into oldoldstable (Mike Gabriel)
  • [2019-01-27] netty 1:4.1.33-1 MIGRATED to testing (Debian testing watch)
  • [2019-01-22] Accepted netty 1:4.1.33-1 (source) into unstable (Emmanuel Bourg)
  • [2018-09-10] netty 1:4.1.29-1 MIGRATED to testing (Debian testing watch)
  • [2018-09-04] Accepted netty 1:4.1.29-1 (source) into unstable (Emmanuel Bourg)
  • [2017-08-06] netty 1:4.1.7-4 MIGRATED to testing (Debian testing watch)
  • [2017-07-30] Accepted netty 1:4.1.7-4 (source all) into unstable (tony mancill)
  • [2017-07-28] netty 1:4.1.7-3 MIGRATED to testing (Debian testing watch)
  • [2017-07-23] Accepted netty 1:4.1.7-3 (source all) into unstable (tony mancill)
  • [2017-02-03] netty 1:4.1.7-2 MIGRATED to testing (Debian testing watch)
  • [2017-01-23] Accepted netty 1:4.1.7-2 (source all) into unstable (Emmanuel Bourg)
  • [2017-01-16] Accepted netty 1:4.1.7-1 (source all) into unstable (Emmanuel Bourg)
  • [2016-11-04] netty 1:4.0.42-1 MIGRATED to testing (Debian testing watch)
  • [2016-10-29] Accepted netty 1:4.0.42-1 (source all) into unstable (Emmanuel Bourg)
  • 1
  • 2
bugs [bug history graph]
  • all: 1
  • RC: 0
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian
  • buildd: logs, clang, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 1:4.1.48-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing