Publishing details

• Removed from disk on 2020-09-23.
• Removal requested on 2020-09-22.
• Deleted on 2020-09-22 by Emilia Torino

  USN published

• Published on 2020-09-14

Changelog

netty-3.9 (3.9.9.Final-1+deb9u1build0.18.04.1) bionic-security; urgency=medium

  * fake sync from Debian

netty-3.9 (3.9.9.Final-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * Correctly handle whitespaces in HTTP header names as defined by
    RFC7230#section-3.2.4 (CVE-2019-16869) (Closes: #941266)
  * Detect missing colon when parsing http headers with no value
    (CVE-2019-20444) (Closes: #950966)
  * Correctly handle Content-Length header that is accompanied by a second
    Content-Length header, or by a Transfer-Encoding header, by removing the
    extra Content-Length header. (CVE-2019-20445) (Closes: #950967)

 -- Paulo Flabiano Smorigo <email address hidden>  Mon, 14 Sep 2020 17:52:12 +0000

Builds

• amd64

Package files

• libnetty-3.9-java_3.9.9.Final-1+deb9u1build0.18.04.1_all.deb (1.1 MiB)
• netty-3.9_3.9.9.Final-1+deb9u1build0.18.04.1.debian.tar.xz (7.7 KiB)
• netty-3.9_3.9.9.Final-1+deb9u1build0.18.04.1.dsc (2.3 KiB)
• netty-3.9_3.9.9.Final.orig.tar.xz (490.7 KiB)