Source: netty Version: 1:4.0.36-2 Severity: important Tags: security upstream
Hi, the following vulnerability was published for netty. Can you please double-check this issue. According the upstream all versions 4.0.0.Final - 4.0.36.Final and 4.1.0.Final would be affected, and fixed in 4.1.1.Final, according to [1]. CVE-2016-4970[0]: Infinite loop vulnerability when handling renegotiation using SslProvider.OpenSsl If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-4970 [1] http://netty.io/news/2016/06/07/4-1-1-Final.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
