Package "netty"
| Name: |
netty
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Java NIO client/server socket framework
|
| Latest version: |
1:4.1.48-9ubuntu0.1 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
universe |
Links
Other versions of "netty" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
netty (1:4.1.48-9ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2025-58057.patch: Adjust how decoders and
decompressors manage buffers to prevent out-of-memory in
.../http/HttpContentDecoder.java,
.../http2/DelegatingDecompressorFrameListener.java,
.../compression/JZlibDecoder.java, .../compression/JdkZlibDecoder.java,
and add tests to .../http/HttpContentDecompressorTest.java and
.../compression/{AbstractIntegrationTest.java,
JZlibIntegrationTest.java, JdkZlibIntegrationTest.java}.
- CVE-2025-58057
* SECURITY UPDATE: HTTP request/response smuggling
- debian/patches/CVE-2025-58056.patch: Enforce stricter parsing of line
endings in .../http/{HttpObjectDecoder.java, HttpRequestDecoder.java,
HttpResponseDecoder.java, InvalidChunkExtensionException.java,
InvalidChunkTerminationException.java,
InvalidLineSeparatorException.java} and add tests to
.../http/{HttpRequestDecoderTest.java, HttpResponseDecoderTest.java}.
- CVE-2025-58056
-- Edwin Jiang <email address hidden> Thu, 27 Nov 2025 20:40:26 +0000
|
| CVE-2025-58057 |
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients |
| CVE-2025-58056 |
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In |
|
About
-
Send Feedback to @ubuntu_updates
