Bug#827620: netty: CVE-2016-4970: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl
Salvatore Bonaccorso
carnil at debian.org
Mon Jun 20 09:06:51 UTC 2016
Hi Emmanuel,
On Mon, Jun 20, 2016 at 10:07:04AM +0200, Emmanuel Bourg wrote:
> Le 19/06/2016 à 00:18, tony mancill a écrit :
>
> > I haven't seen any information as to whether this vulnerability also
> > affects the version in stable, 3.2.6.
>
> I don't think Jessie is affected, the vulnerable code relies on
> netty-tcnative which is in testing/unstable only. The OpenSSL
> integration didn't seem to exist in netty 3.2.x.
Thanks for confirming!
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list