[Git][security-tracker-team/security-tracker][master] dla: drop netty

Sylvain Beucler beuc at debian.org
Thu Apr 16 17:53:41 BST 2020



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0ee82137 by Sylvain Beucler at 2020-04-16T18:52:02+02:00
dla: drop netty
Note: fix/mitigation is not incomplete for zlib, which is what CVE-2020-11612 describes.
If other compression methods require a fix, there will be different CVEs.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -768,6 +768,7 @@ CVE-2020-11613
 	RESERVED
 CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
 	- netty 1:4.1.48-1
+	[jessie] - netty <ignored> (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
 	NOTE: https://github.com/netty/netty/issues/6168
 	NOTE: https://github.com/netty/netty/pull/9924
 	NOTE: https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0
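Review bot: The reason on the added `[jessie] - netty <ignored>` line explains why no backport is made (new API, more limited 3.x buffer API), but it does not record the scope argument from the commit message, namely that CVE-2020-11612 covers the zlib decoders only and that other compression methods would get separate CVEs. Consider adding a NOTE line under this CVE stating that, so the reasoning is visible in the tracker data and not only in the commit log.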


=====================================
data/dla-needed.txt
=====================================
@@ -48,10 +48,6 @@ mumble (Abhijith PA)
   NOTE: 20200325: Regression in last upload, forgot to follow up.
   NOTE: 20200325: https://github.com/mumble-voip/mumble/issues/3605 (abhijith)
 --
-netty (Sylvain Beucler)
-  NOTE: 20200408: Upstream patch looks fairly invasive and maybe incomplete
-  NOTE: 20200408: ("This should probably be reopened.") (lamby)
---
 opendmarc (Thorsten Alteholz)
   NOTE: 20200406: still testing package, original patch does not seem to be enough, still ongoing
 --
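Review bot: The removed netty entry carries the only record of the "maybe incomplete" concern and the quoted remark "This should probably be reopened.", and that quote has no source link. Since the commit message answers that concern, it would help to keep a pointer to where the remark was made, for example as a NOTE on the CVE-2020-11612 entry in data/CVE/list, so the decision to ignore can be re-checked later.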



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0ee821375eb4b2ad4207bc22d6e2a1212fa3beb2
