Ubuntu
netty package

netty 1:4.1.7-4ubuntu0.1 source package in Ubuntu

Changelog

netty (1:4.1.7-4ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: HTTP request smuggling
      HTTP header names as defined by RFC7230#section-3.2.4.
    - debian/patches/0005-CVE-2019-20444.patch: Detect missing colon when
      parsing http headers with no value.
    - debian/patches/0006-CVE-2019-20445-1.patch: Verify we do not receive
      multiple content-length headers or a content-length and
      transfer-encoding: chunked header when using HTTP/1.1.
    - debian/patches/0007-CVE-2019-20445-2.patch: Remove "Content-Length" when
      decoding HTTP/1.1 message with both "Transfer-Encoding: chunked" and
      "Content-Length".
    - debian/patches/18-CVE-2019-20445-3.patch: Added tests for
      Transfer-Encoding header with whitespace.
    - CVE-2019-20444
    - CVE-2019-20445
  * SECURITY UPDATE: Memory buffer out of bounds
    - debian/patches/19-CVE-2020-11612.patch: Allow a limit to be set on the
      decompressed buffer size for ZlibDecoders.
    - CVE-2020-11612

 -- Paulo Flabiano Smorigo <email address hidden>  Mon, 26 Oct 2020 13:24:33 +0000

Upload details

Uploaded by:
Paulo Flabiano Smorigo
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
java
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates universe java
Bionic security universe java

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
netty_4.1.7.orig.tar.xz 1.3 MiB a4cb7f759dc00bfdbe0d1c3578f35361b3c0a48176e564ee621fae64e90ce4a3
netty_4.1.7-4ubuntu0.1.debian.tar.xz 17.1 KiB 23bade3ba6eff8137b268ceae9e8c96fdb98924f2e3713ed0db457ac0b37f539
netty_4.1.7-4ubuntu0.1.dsc 2.6 KiB f54dba7a5b36415e49428ac1ef94156e61ea697f8ec88f24bbfc62a4b9703e67

View changes file

Binary packages built by this source

libnetty-java: Java NIO client/server socket framework

 Netty is a Java NIO client/server framework which enables quick and easy
 development of network applications such as protocol servers and clients.
 It greatly simplifies and streamlines network programming such as TCP and UDP
 socket server.