netty (1:4.1.48-2) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/java-team/netty.git
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Browser: https://salsa.debian.org/java-team/netty
Last scan: 2021-03-01 00:51:10+00
Next scan: 2021-03-09 13:15:00+00

Debian changelog in Git:

netty (1:4.1.48-2) unstable; urgency=high

  * Team upload.
  * Fix CVE-2021-21290:
    In Netty there is a vulnerability on Unix-like systems involving an
    insecure temp file. When netty's multipart decoders are used local
    information disclosure can occur via the local system temporary directory
    if temporary storing uploads on the disk is enabled. On unix-like systems,
    the temporary directory is shared between all user. As such, writing to
    this directory using APIs that do not explicitly set the file/directory
    permissions can lead to information disclosure. Thanks to Salvatore
    Bonaccorso for the report. (Closes: #982580)
  * Switch to debhelper-compat = 13.
  * Declare compliance with Debian Policy 4.5.1.

 -- Markus Koschany <apo@debian.org>  Mon, 15 Feb 2021 00:17:55 +0100

This branch is even with tag debian/1%4.1.48-2