netty (1:4.1.48-2)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/java-team/netty.git
-
- Branch: master
- Path: debian/changelog
- Browser: https://salsa.debian.org/java-team/netty
- Last scan: 2021-03-01 00:51:10+00
- Next scan: 2021-03-09 13:15:00+00
- Debian changelog in Git:
netty (1:4.1.48-2) unstable; urgency=high
* Team upload.
* Fix CVE-2021-21290:
In Netty there is a vulnerability on Unix-like systems involving an
insecure temp file. When netty's multipart decoders are used local
information disclosure can occur via the local system temporary directory
if temporary storing uploads on the disk is enabled. On unix-like systems,
the temporary directory is shared between all user. As such, writing to
this directory using APIs that do not explicitly set the file/directory
permissions can lead to information disclosure. Thanks to Salvatore
Bonaccorso for the report. (Closes: #982580)
* Switch to debhelper-compat = 13.
* Declare compliance with Debian Policy 4.5.1.
-- Markus Koschany <apo@debian.org> Mon, 15 Feb 2021 00:17:55 +0100
- This branch is even with tag debian/1%4.1.48-2