UbuntuUpdates.org

Package "netty"

Name: netty

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Java NIO client/server socket framework
Latest version: 1:4.1.48-10ubuntu0.25.04.2
Release: plucky (25.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "netty" in Plucky

Repository Area Version
base universe 1:4.1.48-10
security universe 1:4.1.48-10ubuntu0.25.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:4.1.48-10ubuntu0.25.04.2 2025-12-10 04:11:31 UTC

  netty (1:4.1.48-10ubuntu0.25.04.2) plucky-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2025-58057.patch: Adjust how decoders and
      decompressors manage buffers to prevent out-of-memory in
      .../http/HttpContentDecoder.java,
      .../http2/DelegatingDecompressorFrameListener.java,
      .../compression/JZlibDecoder.java, .../compression/JdkZlibDecoder.java,
      and add tests to .../http/HttpContentDecompressorTest.java and
      .../compression/{AbstractIntegrationTest.java,
      JZlibIntegrationTest.java, JdkZlibIntegrationTest.java}.
    - CVE-2025-58057
  * SECURITY UPDATE: HTTP request/response smuggling
    - debian/patches/CVE-2025-58056.patch: Enforce stricter parsing of line
      endings in .../http/{HttpObjectDecoder.java, HttpRequestDecoder.java,
      HttpResponseDecoder.java, InvalidChunkExtensionException.java,
      InvalidChunkTerminationException.java,
      InvalidLineSeparatorException.java} and add tests to
      .../http/{HttpRequestDecoderTest.java, HttpResponseDecoderTest.java}.
    - CVE-2025-58056

 -- Edwin Jiang <email address hidden> Thu, 27 Nov 2025 20:37:27 +0000
Source diff to previous version
CVE-2025-58057 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients
CVE-2025-58056 Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In

Version: 1:4.1.48-10ubuntu0.25.04.1 2025-10-29 14:07:23 UTC

  netty (1:4.1.48-10ubuntu0.25.04.1) plucky-security; urgency=medium

  * SECURITY UPDATE: email forgery
    - debian/patches/CVE-2025-59419.patch: prevent SMTP injection
    - CVE-2025-59419

 -- Julia Sarris <email address hidden> Thu, 23 Oct 2025 11:33:58 -0400
CVE-2025-59419 Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty con


About   -   Send Feedback to @ubuntu_updates