USN published
netty-3.9 (3.9.9.Final-1+deb9u1build0.18.04.1) bionic-security; urgency=medium * fake sync from Debian netty-3.9 (3.9.9.Final-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the LTS Team. * Correctly handle whitespaces in HTTP header names as defined by RFC7230#section-3.2.4 (CVE-2019-16869) (Closes: #941266) * Detect missing colon when parsing http headers with no value (CVE-2019-20444) (Closes: #950966) * Correctly handle Content-Length header that is accompanied by a second Content-Length header, or by a Transfer-Encoding header, by removing the extra Content-Length header. (CVE-2019-20445) (Closes: #950967) -- Paulo Flabiano Smorigo <email address hidden> Mon, 14 Sep 2020 17:52:12 +0000