SUSE has issued an advisory today (April 20): https://lists.suse.com/pipermail/sle-security-updates/2022-April/010773.html The issues are fixed upstream in 4.1.71: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363 https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq SUSE updated to 4.1.75. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 4.1.71Whiteboard: (none) => MGA8TOO
Equivalent openSUSE advisory: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OSRKZNBHTNPBXXEBPZVNKUWSIPPLZXJE/
Debian has issued an advisory on January 11: https://www.debian.org/security/2023/dsa-5316 It fixes the above issues and two new issues fixed upstream in 4.1.86: https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
Summary: netty new security issues CVE-2021-3713[67] and CVE-2021-43797 => netty new security issues CVE-2021-3713[67], CVE-2021-43797, CVE-2022-41881, and CVE-2022-41915Status comment: Fixed upstream in 4.1.71 => Fixed upstream in 4.1.86
Ubuntu has issued an advisory for this on April 28: https://ubuntu.com/security/notices/USN-6049-1
SUSE has issued an advisory for this on May 8: https://lists.suse.com/pipermail/sle-security-updates/2023-May/014770.html
netty was removed from cauldron!
Whiteboard: MGA8TOO => (none)CC: (none) => geiger.david68210Version: Cauldron => 8
Mageia 8 EOL
CC: (none) => nicolas.salgueroResolution: (none) => OLDStatus: NEW => RESOLVED