ELA-1110-1 netty security update
[DSA 5715-2] composer regression update
ELA-1110-1 netty security update
Package : netty
Version : 1:4.1.7-2+deb9u5 (stretch)
Related CVEs :
CVE-2024-29025
Julien Viet discovered that Netty, a Java NIO client/server socket framework,
was vulnerable to allocation of resources without limits or throttling due to
the accumulation of data in the HttpPostRequestDecoder. This would allow an
attacker to cause a denial of service.
[DSA 5715-2] composer regression update
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5715-2 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 24, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : composer
The update for composer released as DSA 5715 introduced a regression
in the handling of git feature branches. Updated composer packages
are now available to address this issue.
For the oldstable distribution (bullseye), these problems have been fixed
in version 2.0.9-2+deb11u4.
The stable distribution (bookworm) is not affected.
We recommend that you upgrade your composer packages.
For the detailed security status of composer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/composer
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
