netty 1:4.1.48-4 source package in Debian
Changelog
netty (1:4.1.48-4) unstable; urgency=high
* Team upload.
* Fix CVE-2021-21409 (Closes: #986217)
Address a vulnerability that enables request smuggling. The content-length
header is not correctly validated if the request only uses a single
Http2HeaderFrame with the endStream set to true. This could lead to request
smuggling if the request is proxied to a remote peer and translated to
HTTP/1.1. This is a followup to CVE-2021-21295 to address this case.
-- tony mancill <email address hidden> Wed, 31 Mar 2021 22:01:52 -0700
Upload details
- Uploaded by:
- Debian Java Maintainers
- Uploaded to:
- Sid
- Original maintainer:
- Debian Java Maintainers
- Architectures:
- all
- Section:
- java
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| netty_4.1.48-4.dsc | 2.4 KiB | d4a9ff93064e5c80936ea85b4ccc96cdc7873612505cbfc199ad7d1c8c7c48ed |
| netty_4.1.48.orig.tar.xz | 1.6 MiB | e5351d821f461f64af58e89f260ad8943b0ab75f26c1a845300a91f22a711600 |
| netty_4.1.48-4.debian.tar.xz | 23.6 KiB | b0e09c1c1c3ad3d81d695facf6a26bac37f1ce43cd84dc41a07b93776bd5ae2e |
Available diffs
- diff from 1:4.1.48-2 to 1:4.1.48-4 (8.3 KiB)
No changes file available.
