Markus Koschany pushed to branch buster at Debian Java Maintainers / netty
Commits: 8fae5e9b by Markus Koschany at 2023-11-18T18:33:07+01:00 Fix CVE-2023-44487 - - - - - c100a553 by Markus Koschany at 2023-11-18T18:33:27+01:00 Start new changelog entry - - - - - 8713cb4a by Markus Koschany at 2023-11-18T18:44:09+01:00 Fix FTBFS with newer OpenJDK versions. - - - - - 80abe32f by Markus Koschany at 2023-11-18T19:20:04+01:00 Update 21-java-17.patch - - - - - 398dce08 by Markus Koschany at 2023-11-18T23:58:28+01:00 Merge the patches - - - - - 47c40333 by Markus Koschany at 2023-11-19T00:01:01+01:00 Update changelog - - - - - 3 changed files: - debian/changelog - + debian/patches/CVE-2023-44487.patch - debian/patches/series Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,13 @@ +netty (1:4.1.33-1+deb10u4) buster-security; urgency=high + + * Team upload. + * Fix CVE-2023-44487: + The HTTP/2 protocol allows a denial of service (server resource + consumption) because request cancellation can reset many streams quickly. + * Fix a FTBFS with newer OpenJDK versions. + + -- Markus Koschany <a...@debian.org> Sat, 18 Nov 2023 18:33:22 +0100 + netty (1:4.1.33-1+deb10u3) buster-security; urgency=high * Team upload. ===================================== debian/patches/CVE-2023-44487.patch ===================================== The diff for this file was not included because it is too large. ===================================== debian/patches/series ===================================== @@ -23,3 +23,4 @@ CVE-2021-37137.patch CVE-2021-43797.patch CVE-2022-41881.patch CVE-2022-41915.patch +CVE-2023-44487.patch View it on GitLab: https://salsa.debian.org/java-team/netty/-/compare/95a586050ebca67868165377a7b8d7b55b790f4f...47c403338db78939b391b78f11b0ee8450ef2278 -- View it on GitLab: https://salsa.debian.org/java-team/netty/-/compare/95a586050ebca67868165377a7b8d7b55b790f4f...47c403338db78939b391b78f11b0ee8450ef2278 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ pkg-java-commits mailing list pkg-java-comm...@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits