ELA-168-1 netty security update

RFC7230-compliant header name handling

Related CVEs CVE-2019-16869

Netty mishandled whitespace before the colon in HTTP headers (such as a “Transfer-Encoding : chunked” line), which lead to HTTP request smuggling.

For Debian 7 Wheezy, these problems have been fixed in version 3.2.6.Final-2+deb7u1.

We recommend that you upgrade your netty packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.