-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Feb 2020 17:46:53 +0100
Source: netty-3.9
Binary: libnetty-3.9-java
Architecture: source all
Version: 3.9.0.Final-1+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Hilko Bengen <ben...@debian.org>
Changed-By: Sylvain Beucler <b...@debian.org>
Description:
 libnetty-3.9-java - Java NIO client/server socket framework
Changes:
 netty-3.9 (3.9.0.Final-1+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Security Team.
   * CVE-2014-0193: WebSocket08FrameDecoder allows remote attackers to
     cause a denial of service (memory consumption) via a
     TextWebSocketFrame followed by a long stream of
     ContinuationWebSocketFrames.
   * CVE-2014-3488: The SslHandler allows remote attackers to cause a
     denial of service (infinite loop and CPU consumption) via a crafted
     SSLv2Hello message.
   * CVE-2019-16869: Correctly handle whitespaces in HTTP header names as
     defined by RFC7230#section-3.2.4.
   * CVE-2019-20444: HttpObjectDecoder.java allows an HTTP header that
     lacks a colon, which might be interpreted as a separate header with
     an incorrect syntax, or might be interpreted as an "invalid fold."
   * CVE-2019-20445: HttpObjectDecoder.java allows a Content-Length header
     to be accompanied by a second Content-Length header, or by a
     Transfer-Encoding header.
   * CVE-2020-7238: Netty allows HTTP Request Smuggling because it
     mishandles Transfer-Encoding whitespace (such as a
     [space]Transfer-Encoding:chunked line) and a later Content-Length
     header.
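
The four HTTP header conditions named in the changelog (CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238), written as a strict check over a raw header section. This is an added example in Python, not code from Netty or from the Debian patch; the function name, finding labels and sample inputs are constructed for illustration.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def check_header_block(raw: bytes) -> list:
    """Return findings for one HTTP/1.1 header section (lines after the
    start line, without the terminating empty line). Hypothetical helper."""
    findings, names = [], []
    for line in raw.split(b"\r\n"):
        if not line:
            continue
        if line[:1] in (b" ", b"\t"):
            # " Transfer-Encoding:chunked" style line (CVE-2020-7238) or a fold.
            findings.append("leading-whitespace")
            line = line.lstrip(b" \t")  # keep parsing: a lenient peer may honour it
        name, sep, _value = line.partition(b":")
        if not sep:
            findings.append("missing-colon")  # CVE-2019-20444
            continue
        if name != name.rstrip(b" \t"):
            findings.append("whitespace-before-colon")  # CVE-2019-16869
        elif not TOKEN.match(name):
            findings.append("invalid-name")
        names.append(name.strip(b" \t").lower())
    content_lengths = names.count(b"content-length")
    if content_lengths > 1:
        findings.append("duplicate-content-length")  # CVE-2019-20445
    if content_lengths and b"transfer-encoding" in names:
        findings.append("content-length-with-transfer-encoding")  # CVE-2019-20445
    return findings

# Constructed sample header sections, one per condition in the changelog.
SAMPLES = {
    "clean": b"Host: example.test\r\nContent-Length: 5",
    "space-before-colon": b"Host: example.test\r\nContent-Length : 5",
    "no-colon": b"Host: example.test\r\nX-Broken header",
    "two-lengths": b"Content-Length: 5\r\nContent-Length: 6",
    "length-and-te": b"Content-Length: 5\r\nTransfer-Encoding: chunked",
    "leading-space-te": b" Transfer-Encoding:chunked\r\nContent-Length: 5",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {check_header_block(raw) or 'ok'}")
```

Any non-empty result means the message should be rejected before it is framed or forwarded, since a front end and a back end that disagree on these lines will disagree on where the body ends.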