[Git][java-team/netty][buster] 6 commits: Fix CVE-2023-44487
Markus Koschany (@apo)
gitlab at salsa.debian.org
Sun Nov 19 18:01:14 GMT 2023
Markus Koschany pushed to branch buster at Debian Java Maintainers / netty
Commits:
8fae5e9b by Markus Koschany at 2023-11-18T18:33:07+01:00
Fix CVE-2023-44487
- - - - -
c100a553 by Markus Koschany at 2023-11-18T18:33:27+01:00
Start new changelog entry
- - - - -
8713cb4a by Markus Koschany at 2023-11-18T18:44:09+01:00
Fix FTBFS with newer OpenJDK versions.
- - - - -
80abe32f by Markus Koschany at 2023-11-18T19:20:04+01:00
Update 21-java-17.patch
- - - - -
398dce08 by Markus Koschany at 2023-11-18T23:58:28+01:00
Merge the patches
- - - - -
47c40333 by Markus Koschany at 2023-11-19T00:01:01+01:00
Update changelog
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/CVE-2023-44487.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+netty (1:4.1.33-1+deb10u4) buster-security; urgency=high
+
+ * Team upload.
+ * Fix CVE-2023-44487:
+ The HTTP/2 protocol allows a denial of service (server resource
+ consumption) because request cancellation can reset many streams quickly.
+ * Fix a FTBFS with newer OpenJDK versions.
+
+ -- Markus Koschany <apo at debian.org> Sat, 18 Nov 2023 18:33:22 +0100
+
netty (1:4.1.33-1+deb10u3) buster-security; urgency=high
* Team upload.
=====================================
debian/patches/CVE-2023-44487.patch
=====================================
The diff for this file was not included because it is too large.
=====================================
debian/patches/series
=====================================
@@ -23,3 +23,4 @@ CVE-2021-37137.patch
CVE-2021-43797.patch
CVE-2022-41881.patch
CVE-2022-41915.patch
+CVE-2023-44487.patch
View it on GitLab: https://salsa.debian.org/java-team/netty/-/compare/95a586050ebca67868165377a7b8d7b55b790f4f...47c403338db78939b391b78f11b0ee8450ef2278
--
View it on GitLab: https://salsa.debian.org/java-team/netty/-/compare/95a586050ebca67868165377a7b8d7b55b790f4f...47c403338db78939b391b78f11b0ee8450ef2278
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20231119/c4b9432a/attachment.htm>
More information about the pkg-java-commits
mailing list