netty_4.1.48-12_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Nov 19 11:21:12 GMT 2025 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 Nov 2025 09:30:49 +0100
Source: netty
Architecture: source
Version: 1:4.1.48-12
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1113994
Changes:
 netty (1:4.1.48-12) unstable; urgency=high
 .
   * Team upload
   * Fix CVE-2025-58057:
     When supplied with specially crafted input, BrotliDecoder
     and certain other decompression decoders will allocate
     a large number of reachable byte buffers, which can lead
     to denial of service. BrotliDecoder.decompress has no limit
     in how often it calls pull, decompressing data 64K bytes at
     a time. The buffers are saved in the output list, and remain
     reachable until OOM is hit.
     (Closes: #1113994)
Checksums-Sha1:
 9eaf4559cea779aff3cfec6e9101633f79ba160b 2447 netty_4.1.48-12.dsc
 022ad0c0c76dd4ba14b1e44d11cf0b99f0feeb2b 1665244 netty_4.1.48.orig.tar.xz
 4b3af54bbf85900b0f7c54fe8bb1c4a8fe1e7baf 54792 netty_4.1.48-12.debian.tar.xz
 57842408b5c6e34212b111cf358f251d5bd8f20d 5430 netty_4.1.48-12_source.buildinfo
Checksums-Sha256:
 c35b25c745caaac0f407b52d42dd13b9d2cafcf63256315e14dd1589114a534b 2447 netty_4.1.48-12.dsc
 e5351d821f461f64af58e89f260ad8943b0ab75f26c1a845300a91f22a711600 1665244 netty_4.1.48.orig.tar.xz
 302c7a604b6be30a617dad2ec77ff920d3b7ea3cbdd3524d7f0f22a048aaf52c 54792 netty_4.1.48-12.debian.tar.xz
 8ec9ad5c784b1d8039e621f3fd9d278885ae035356321ddd4b99d5e4956ef451 5430 netty_4.1.48-12_source.buildinfo
Files:
 a6094f329fb94c14838bf2469a3410d0 2447 java optional netty_4.1.48-12.dsc
 ebc25581b3e2b6e1bb47200ba260a636 1665244 java optional netty_4.1.48.orig.tar.xz
 887560581ec03192328539a348becb9d 54792 java optional netty_4.1.48-12.debian.tar.xz
 9bc0504ab81737f02d3553a85d70df67 5430 java optional netty_4.1.48-12_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmkdpsMRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9HQg//b9c+N0Oy1yoEdxcIHifqPmHMNSonK6uY
pQJh0tgwaGs/4L1Y8mU0RTnXnv1Ufk20mvYPBl3JuZahpQxD6iU0wRP/BSpKL/NU
lhPzuKWRbW+TEWqGZ/BxqsIWZ6Pjt1a5emJwAPTg72/8h94+wpKXXl+U7w5aZSEu
4Bq0ymBYrpCYfS/iEWUDlCSw9fbyinMZIB69awkuO2LkLUeyMLBVir66X1f2dRmP
iY8+bA4LSO2FNl0LHUDGEYewGdiGWZrerWycF6aG3AvIj7mOmBtiTLsIM31RghCR
0GXHrNZOAefS5JdWErorMzqUcgsB6AIrC7+dLdbrVs6mjhz8mulIK5j95P4izdlg
woyHvbbASobgq7L0PlOTqwMqiIy8b5T9Lwb8QdOfMWgsRDVWnyX4+zbaCB/5FWj6
4iB0iAmihX1Z1vvWp8L7XDtllsAJypEWZ/tyuEqYtWXc6v/k33idmzk/Q7cZbP/E
LglQtLAsV7ZtrlIk3Qtt4Tv5SnQjii3/BGxNb96cg7JXzeXHloXlBaO0j6kbGiou
FSUExCZv1k9Vzuysk0mJUdqCthYKWir5LAu4aDGTrtYiZS5Zt4FG8+Ch83DVDhiU
z2wQhUh1BW7RotJenLzCi6MH9bOlLEUFNNAlNHxT/5mCXCOWUXoAJbyC/O/wbaBq
t9kZ5WLNZSo=
=0AFl
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20251119/3351f20c/attachment.sig>

More information about the pkg-java-maintainers mailing list