Register | Log in

netty

Java NIO client/server socket framework

Choose email to subscribe with

general

source: netty (main)
version: 1:4.1.48-1
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Kyo Lee [DMD] – Chris Grzegorczyk [DMD] – Graziano Obertelli [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:3.2.6.Final-2
o-o-sec: 1:3.2.6.Final-2+deb8u2
oldstable: 1:4.1.7-2+deb9u1
old-sec: 1:4.1.7-2+deb9u2
stable: 1:4.1.33-1+deb10u1
stable-sec: 1:4.1.33-1+deb10u1
testing: 1:4.1.48-1
unstable: 1:4.1.48-1

versioned links

1:3.2.6.Final-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:3.2.6.Final-2+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.1.7-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.1.7-2+deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.1.33-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.1.48-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libnetty-java (1 bugs: 0, 1, 0, 0)

action needed

A new upstream version is available: 4.1.56 high

A new upstream version 4.1.56 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2021-01-16 01:07

4 security issues in buster high

There are 4 open security issues in buster.

4 important issues:

CVE-2019-20444: HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CVE-2019-20445: HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CVE-2020-11612: The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CVE-2020-7238: Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.

Please fix them.

Created: 2020-01-30 Last update: 2020-09-04 22:05

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2020-11-17 05:41

news

[2020-09-04] Accepted netty 1:4.1.7-2+deb9u2 (source) into oldstable (Roberto C. Sanchez)
[2020-04-11] netty 1:4.1.48-1 MIGRATED to testing (Debian testing watch)
[2020-04-05] Accepted netty 1:4.1.48-1 (source) into unstable (Emmanuel Bourg)
[2020-03-26] netty 1:4.1.45-2 MIGRATED to testing (Debian testing watch)
[2020-03-21] Accepted netty 1:4.1.45-2 (source) into unstable (Sudip Mukherjee) (signed by: tony mancill)
[2020-03-01] netty 1:4.1.45-1 MIGRATED to testing (Debian testing watch)
[2020-02-24] Accepted netty 1:4.1.45-1 (source) into unstable (Emmanuel Bourg)
[2020-02-19] Accepted netty 1:3.2.6.Final-2+deb8u2 (source all) into oldoldstable (Sylvain Beucler)
[2020-01-14] netty 1:4.1.33-3 MIGRATED to testing (Debian testing watch)
[2020-01-09] Accepted netty 1:4.1.33-3 (source) into unstable (tony mancill)
[2020-01-08] Accepted netty 1:4.1.7-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Salvatore Bonaccorso)
[2020-01-06] Accepted netty 1:4.1.33-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2020-01-05] netty 1:4.1.33-2 MIGRATED to testing (Debian testing watch)
[2020-01-03] Accepted netty 1:4.1.33-1+deb10u1 (source) into stable->embargoed, stable (Salvatore Bonaccorso)
[2020-01-03] Accepted netty 1:4.1.7-2+deb9u1 (source) into oldstable->embargoed, oldstable (Salvatore Bonaccorso)
[2020-01-03] Accepted netty 1:4.1.33-2 (source) into unstable (Salvatore Bonaccorso) (signed by: tony mancill)
[2019-09-30] Accepted netty 1:3.2.6.Final-2+deb8u1 (source all) into oldoldstable (Mike Gabriel)
[2019-01-27] netty 1:4.1.33-1 MIGRATED to testing (Debian testing watch)
[2019-01-22] Accepted netty 1:4.1.33-1 (source) into unstable (Emmanuel Bourg)
[2018-09-10] netty 1:4.1.29-1 MIGRATED to testing (Debian testing watch)
[2018-09-04] Accepted netty 1:4.1.29-1 (source) into unstable (Emmanuel Bourg)
[2017-08-06] netty 1:4.1.7-4 MIGRATED to testing (Debian testing watch)
[2017-07-30] Accepted netty 1:4.1.7-4 (source all) into unstable (tony mancill)
[2017-07-28] netty 1:4.1.7-3 MIGRATED to testing (Debian testing watch)
[2017-07-23] Accepted netty 1:4.1.7-3 (source all) into unstable (tony mancill)
[2017-02-03] netty 1:4.1.7-2 MIGRATED to testing (Debian testing watch)
[2017-01-23] Accepted netty 1:4.1.7-2 (source all) into unstable (Emmanuel Bourg)
[2017-01-16] Accepted netty 1:4.1.7-1 (source all) into unstable (Emmanuel Bourg)
[2016-11-04] netty 1:4.0.42-1 MIGRATED to testing (Debian testing watch)
[2016-10-29] Accepted netty 1:4.0.42-1 (source all) into unstable (Emmanuel Bourg)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.1.48-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing