<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d83ef7149b5293d3b50d93bd0e046211f7e5a9a4">d83ef714</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2018-04-27T06:01:16+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add todo for CVE-2018-1067

It is unclear where the issue lies and the Red Hat report does not share

much information. It is known that the CVE CVE-2018-1067 is for an

incomplete fix for CVE-2016-4993. The CVE-2016-4993 is unspecific to

directly an issue in undertow but rather seem to indicate the issue is

in (its use) in WildFly.

This needs more clarification and either mark both as NFU, both

associated with src:undertow with appropriate state (depending on if the

incomplete fix was applied in any Debian released version).

Futher is to check with the maintainer if undertow might just be removed

from Debian.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d83ef7149b5293d3b50d93bd0e046211f7e5a9a4#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/commit/d83ef7149b5293d3b50d93bd0e046211f7e5a9a4">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/commit/d83ef7149b5293d3b50d93bd0e046211f7e5a9a4"}}</script>

</p>

</div>

</body>

</html>