[ubuntu/questing-updates] netty 1:4.1.48-10ubuntu0.25.10.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Dec 9 22:33:28 UTC 2025
netty (1:4.1.48-10ubuntu0.25.10.2) questing-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2025-58057.patch: Adjust how decoders and
      decompressors manage buffers to prevent out-of-memory in
      .../http/HttpContentDecoder.java,
      .../http2/DelegatingDecompressorFrameListener.java,
      .../compression/JZlibDecoder.java, .../compression/JdkZlibDecoder.java,
      and add tests to .../http/HttpContentDecompressorTest.java and
      .../compression/{AbstractIntegrationTest.java,
      JZlibIntegrationTest.java, JdkZlibIntegrationTest.java}.
    - CVE-2025-58057
  * SECURITY UPDATE: HTTP request/response smuggling
    - debian/patches/CVE-2025-58056.patch: Enforce stricter parsing of line
      endings in .../http/{HttpObjectDecoder.java, HttpRequestDecoder.java,
      HttpResponseDecoder.java, InvalidChunkExtensionException.java,
      InvalidChunkTerminationException.java,
      InvalidLineSeparatorException.java} and add tests to
      .../http/{HttpRequestDecoderTest.java, HttpResponseDecoderTest.java}.
    - CVE-2025-58056

Date: 2025-12-08 21:45:11.914369+00:00
Changed-By: Edwin Jiang <edwin.jiang at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/netty/1:4.1.48-10ubuntu0.25.10.2