Your message dated Fri, 03 Jan 2020 05:20:54 +0000
with message-id <e1infoi-000bet...@fasolo.debian.org>
and subject line Bug#941266: fixed in netty 1:4.1.33-2
has caused the Debian Bug report #941266,
regarding netty: CVE-2019-16869
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
941266: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941266
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: netty
Version: 1:4.1.33-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/netty/netty/issues/9571

Hi,

The following vulnerability was published for netty.

CVE-2019-16869[0]:
| Netty before 4.1.42.Final mishandles whitespace before the colon in
| HTTP headers (such as a "Transfer-Encoding : chunked" line), which
| leads to HTTP request smuggling.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-16869
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16869
[1] https://github.com/netty/netty/issues/9571

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: netty
Source-Version: 1:4.1.33-2

We believe that the bug you reported is fixed in the latest version of
netty, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 941...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated netty package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 02 Jan 2020 20:47:57 +0100
Source: netty
Architecture: source
Version: 1:4.1.33-2
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 941266
Changes:
 netty (1:4.1.33-2) unstable; urgency=high
 .
   * Team upload.
   * Correctly handle whitespaces in HTTP header names as defined by
     RFC7230#section-3.2.4 (CVE-2019-16869) (Closes: #941266)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
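
An added example (not part of the bug report, the Debian upload, or Netty's code): a Python check for the RFC 7230 section 3.2.4 rule the changelog cites, which requires a server to answer 400 when a request has whitespace between a header field-name and the colon. The function names and the two sample requests are constructed for illustration.

```python
import re

# RFC 7230 section 3.2.6: a field-name is a token, i.e. one or more tchar.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def parse_field_line(line):
    """Split 'name: value'. Raise ValueError unless the name is a bare token
    immediately followed by the colon (RFC 7230 section 3.2.4)."""
    name, sep, value = line.partition(":")
    if not sep:
        raise ValueError("no colon in header line: %r" % line)
    if name != name.rstrip(" \t"):
        raise ValueError("whitespace before colon: %r" % line)
    if not TOKEN.fullmatch(name):
        raise ValueError("invalid field-name: %r" % line)
    # Optional whitespace around the value is allowed and is not part of it.
    return name.lower(), value.strip(" \t")


def check_request_head(raw):
    """Return (200, headers) for a well-formed head, or (400, reason) on the
    first malformed header line, so the message is rejected, not normalised."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        try:
            name, value = parse_field_line(line)
        except ValueError as exc:
            return 400, str(exc)
        headers.setdefault(name, []).append(value)
    return 200, headers


# Constructed sample requests (not captured traffic).
GOOD = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
        b"Transfer-Encoding: chunked\r\n\r\n")
BAD = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
       b"Transfer-Encoding : chunked\r\n\r\n")

if __name__ == "__main__":
    print(check_request_head(GOOD))
    print(check_request_head(BAD))
```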
