On Thu, Jan 02, 2020 at 11:38:08PM +0100, Salvatore Bonaccorso wrote:
> On Fri, Sep 27, 2019 at 01:12:04PM +0200, Salvatore Bonaccorso wrote:
> > Source: netty
> > Version: 1:4.1.33-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://github.com/netty/netty/issues/9571
> >
> > Hi,
> >
> > The following vulnerability was published for netty.
> >
> > CVE-2019-16869[0]:
> > | Netty before 4.1.42.Final mishandles whitespace before the colon in
> > | HTTP headers (such as a "Transfer-Encoding : chunked" line), which
> > | leads to HTTP request smuggling.
>
> Attached is the proposed debdiff. I included the tests as well
> (although those are not run).

Hi Salvatore,

The debdiff looks good to me; thank you for adapting the patch for the
current version in 4.1.33. No need for an NMU. I will apply your patch
and perform a team upload to unstable with only this change to make it
easier for backports/security uploads.

Thanks,
tony
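
The header check that the quoted CVE text points at, as an added example that is not part of this thread and is not Netty's code or the Debian patch: a strict header-line parser that follows RFC 7230 section 3.2.4 and answers 400 when whitespace sits between the field-name and the colon. The function names and the two sample requests are constructed for illustration.

```python
from __future__ import annotations
import re

# RFC 7230 "token": the only characters allowed in a header field-name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class BadHeader(ValueError):
    """A header line that a server should answer with 400 Bad Request."""


def parse_header_line(line: bytes) -> tuple[str, str]:
    """Split one header line strictly; the field-name is never trimmed."""
    name, sep, value = line.partition(b":")
    if not sep:
        raise BadHeader("no colon in header line")
    if name != name.rstrip(b" \t"):
        raise BadHeader("whitespace between field-name and colon")
    if not TOKEN.fullmatch(name):
        raise BadHeader("field-name is not an RFC 7230 token")
    # Optional whitespace is legal only around the value.
    return name.decode("ascii").lower(), value.strip(b" \t").decode("latin-1")


def parse_head(raw: bytes) -> dict[str, list[str]]:
    """Parse the header block; any bad line rejects the whole message."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers: dict[str, list[str]] = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, value = parse_header_line(line)
        headers.setdefault(name, []).append(value)
    return headers


def status_for(raw: bytes) -> int:
    """Return 400 for a message with a malformed header line, else 200."""
    try:
        parse_head(raw)
    except BadHeader:
        return 400
    return 200


# Constructed sample requests (not taken from the bug report).
GOOD = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n"
BAD = b"POST /upload HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding : chunked\r\n\r\n"

if __name__ == "__main__":
    print(status_for(GOOD), status_for(BAD))
```

Rejecting the message outright, rather than trimming the name and carrying on, keeps every hop in a proxy chain in agreement about whether the request is chunked.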