netty 1:4.1.48-2 source package in Ubuntu
Changelog
netty (1:4.1.48-2) unstable; urgency=high
* Team upload.
* Fix CVE-2021-21290:
In Netty there is a vulnerability on Unix-like systems involving an
insecure temp file. When netty's multipart decoders are used local
information disclosure can occur via the local system temporary directory
if temporary storing uploads on the disk is enabled. On unix-like systems,
the temporary directory is shared between all user. As such, writing to
this directory using APIs that do not explicitly set the file/directory
permissions can lead to information disclosure. Thanks to Salvatore
Bonaccorso for the report. (Closes: #982580)
* Switch to debhelper-compat = 13.
* Declare compliance with Debian Policy 4.5.1.
-- Markus Koschany <email address hidden> Mon, 15 Feb 2021 00:17:55 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- java
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| netty_4.1.48-2.dsc | 2.5 KiB | 1e8cb456ce087f00cfaf43dee1960b96165b6d54b5bacd0bf708d1c34e52e4cb |
| netty_4.1.48.orig.tar.xz | 1.6 MiB | e5351d821f461f64af58e89f260ad8943b0ab75f26c1a845300a91f22a711600 |
| netty_4.1.48-2.debian.tar.xz | 17.2 KiB | e8e297b7e75212e43a50703fb22fd5ab2f0de54c92a480764cc3683ef4cfe382 |
Available diffs
- diff from 1:4.1.48-1 to 1:4.1.48-2 (3.9 KiB)
No changes file available.
Binary packages built by this source
- libnetty-java: No summary available for libnetty-java in ubuntu hirsute.
No description available for libnetty-java in ubuntu hirsute.
