<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4485d8c84632762fc13960bfe6573a2af83e5900">4485d8c8</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2020-10-12T10:41:16+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update information on CVE-2019-14888/undertow

Upstream is not very transparent here, but the fixed version is noted in

the CVE description as 2.0.28.SP1 (which is possibly after

2.0.28.Final). Checking trough the commits of 2.0.28.Final and

2.0.29.Final reveals one commit matching a denial of service due to a

deadlock in the http2 code.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4485d8c84632762fc13960bfe6573a2af83e5900#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #666;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4485d8c84632762fc13960bfe6573a2af83e5900">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4485d8c84632762fc13960bfe6573a2af83e5900"}}</script>

</p>

</div>

</body>

</html>