ELA-168-1 netty security update

RFC7230-compliant header name handling

2019-09-27
Packagenetty
Version3.2.6.Final-2+deb7u1
Related CVE CVE-2019-16869

Netty mishandled whitespace before the colon in HTTP headers (such as a “Transfer-Encoding : chunked” line), which lead to HTTP request smuggling.

For Debian 7 Wheezy, these problems have been fixed in version 3.2.6.Final-2+deb7u1.

We recommend that you upgrade your netty packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/