Bug 30311

Summary: netty new security issues CVE-2021-3713[67], CVE-2021-43797, CVE-2022-41881, and CVE-2022-41915
Product: Mageia Reporter: David Walser <luigiwalser>
Component: Security Assignee: Java Stack Maintainers <java>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: geiger.david68210, nicolas.salguero
Version: 8   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: netty-4.1.51-3.mga9.src.rpm CVE:
Status comment: Fixed upstream in 4.1.86

David Walser 2022-04-20 16:39:36 CEST

Status comment: (none) => Fixed upstream in 4.1.71
Whiteboard: (none) => MGA8TOO

Comment 2 David Walser 2023-01-17 18:32:09 CET
Debian has issued an advisory on January 11:
https://www.debian.org/security/2023/dsa-5316

It fixes the above issues and two new issues fixed upstream in 4.1.86:
https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp

Summary: netty new security issues CVE-2021-3713[67] and CVE-2021-43797 => netty new security issues CVE-2021-3713[67], CVE-2021-43797, CVE-2022-41881, and CVE-2022-41915
Status comment: Fixed upstream in 4.1.71 => Fixed upstream in 4.1.86

Comment 3 David Walser 2023-05-06 22:58:03 CEST
Ubuntu has issued an advisory for this on April 28:
https://ubuntu.com/security/notices/USN-6049-1

Comment 4 David Walser 2023-05-09 17:42:13 CEST
SUSE has issued an advisory for this on May 8:
https://lists.suse.com/pipermail/sle-security-updates/2023-May/014770.html

Comment 5 David GEIGER 2023-06-30 05:46:40 CEST
netty was removed from cauldron!

Whiteboard: MGA8TOO => (none)
CC: (none) => geiger.david68210
Version: Cauldron => 8

Comment 6 Nicolas Salguero 2024-01-12 09:47:49 CET
Mageia 8 EOL

CC: (none) => nicolas.salguero
Resolution: (none) => OLD
Status: NEW => RESOLVED