Package "netty-3.9"

Name: netty-3.9


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Java NIO client/server socket framework

Latest version: 3.9.0.Final-1ubuntu0.1
Release: xenial (16.04)
Level: security
Repository: universe


Other versions of "netty-3.9" in Xenial

Repository Area Version
base universe 3.9.0.Final-1
updates universe 3.9.0.Final-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Version: 3.9.0.Final-1ubuntu0.1 2020-10-22 19:06:20 UTC

  netty-3.9 (3.9.0.Final-1ubuntu0.1) xenial-security; urgency=medium

  * Update debian/rules to fix FTBFS
  * SECURITY UPDATE: HTTP request smuggling
    - debian/patches/0004-CVE-2019-16869.patch: Correctly handle whitespaces in
      HTTP header names as defined by RFC7230#section-3.2.4.
    - debian/patches/0005-CVE-2019-20444.patch: Detect missing colon when
      parsing http headers with no value.
    - debian/patches/0006-CVE-2019-20445-1.patch: Verify we do not receive
      multiple content-length headers or a content-length and
      transfer-encoding: chunked header when using HTTP/1.1.
    - debian/patches/0007-CVE-2019-20445-2.patch: Remove "Content-Length" when
      decoding HTTP/1.1 message with both "Transfer-Encoding: chunked" and
    - CVE-2019-16869
    - CVE-2019-20444
    - CVE-2019-20445
    - CVE-2020-7238

 -- Paulo Flabiano Smorigo <email address hidden> Wed, 21 Oct 2020 18:18:23 +0000

CVE-2019-16869 Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP
CVE-2019-20444 HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incor
CVE-2019-20445 HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-En
CVE-2020-7238 Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line)

About   -   Send Feedback to @ubuntu_updates