[Git][security-tracker-team/security-tracker][master] Netty triage recent CVE

Bastien Roucariès (@rouca) rouca at debian.org
Mon Apr 6 14:53:33 BST 2026 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dac86542 by Bastien Roucariès at 2026-04-06T15:53:12+02:00
Netty triage recent CVE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3944,9 +3944,11 @@ CVE-2026-33872 (elixir-nodejs provides an Elixir API for calling Node.js functio
 CVE-2026-33871 (Netty is an asynchronous, event-driven network application framework.  ...)
 	- netty <unfixed> (bug #1132230)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv
+	NOTE: Fixed by: https://github.com/netty/netty/commit/9f47a7b6846e6c7cb0481789be51788944042b85 (netty-4.1.132.Final)
 CVE-2026-33870 (Netty is an asynchronous, event-driven network application framework.  ...)
 	- netty <unfixed> (bug #1132229)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8
+	NOTE: Fixed by: https://github.com/netty/netty/commit/60e53c99f2e80aef1025e9038e33cdf261ed9819 (netty-4.1.132.Final)
 CVE-2026-33869 (Mastodon is a free, open-source social network server based on Activit ...)
 	- mastodon <itp> (bug #859741)
 CVE-2026-33868 (Mastodon is a free, open-source social network server based on Activit ...)
@@ -87787,6 +87789,7 @@ CVE-2025-58057 (Netty is an asynchronous event-driven network application framew
 	NOTE: https://github.com/netty/netty/pull/15612
 	NOTE: Fixed by: https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d (netty-4.2.5.Final)
 	NOTE: Fixed by: https://github.com/netty/netty/commit/34894ac73b02efefeacd9c0972780b32dc3de04f (netty-4.1.125.Final)
+	NOTE: Regression fixed by: https://github.com/netty/netty/commit/10c1603cbab5e72a029521058eb35e15a8b7c7c5 (netty-4.1.132.Final)
 CVE-2025-58056 (Netty is an asynchronous event-driven network application framework fo ...)
 	{DSA-6160-1 DLA-4519-1}
 	- netty 1:4.1.48-13 (bug #1113995)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac8654224b9e0b8594f014043d8e430d9c75cd3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dac8654224b9e0b8594f014043d8e430d9c75cd3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260406/cad80107/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list