Bug#827620: netty: CVE-2016-4970: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
Emmanuel Bourg
ebourg at apache.org
Mon Jun 20 08:07:04 UTC 2016
Le 19/06/2016 à 00:18, tony mancill a écrit :
> I haven't seen any information as to whether this vulnerability also
> affects the version in stable, 3.2.6.
I don't think Jessie is affected, the vulnerable code relies on
netty-tcnative which is in testing/unstable only. The OpenSSL
integration didn't seem to exist in netty 3.2.x.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list