netty 1:4.1.48-2 source package in Ubuntu
Changelog
netty (1:4.1.48-2) unstable; urgency=high * Team upload. * Fix CVE-2021-21290: In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Thanks to Salvatore Bonaccorso for the report. (Closes: #982580) * Switch to debhelper-compat = 13. * Declare compliance with Debian Policy 4.5.1. -- Markus Koschany <email address hidden> Mon, 15 Feb 2021 00:17:55 +0100
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- java
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
netty_4.1.48-2.dsc | 2.5 KiB | 1e8cb456ce087f00cfaf43dee1960b96165b6d54b5bacd0bf708d1c34e52e4cb |
netty_4.1.48.orig.tar.xz | 1.6 MiB | e5351d821f461f64af58e89f260ad8943b0ab75f26c1a845300a91f22a711600 |
netty_4.1.48-2.debian.tar.xz | 17.2 KiB | e8e297b7e75212e43a50703fb22fd5ab2f0de54c92a480764cc3683ef4cfe382 |
Available diffs
- diff from 1:4.1.48-1 to 1:4.1.48-2 (3.9 KiB)
No changes file available.
Binary packages built by this source
- libnetty-java: No summary available for libnetty-java in ubuntu hirsute.
No description available for libnetty-java in ubuntu hirsute.