[undertow] 02/02: Update changelog
Markus Koschany
apo at moszumanska.debian.org
Tue Jul 11 14:01:00 UTC 2017
This is an automated email from the git hooks/post-receive script.
apo pushed a commit to branch stretch
in repository undertow.
commit 0e8feebe686508c5094eeb82b34b82e333ea9d4c
Author: Markus Koschany <apo at debian.org>
Date: Tue Jul 11 13:43:06 2017 +0200
Update changelog
---
debian/changelog | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index cc7d3db..3e2c2ae 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+undertow (1.4.8-1+deb9u1) stretch-security; urgency=high
+
+ * Fix CVE-2017-2666 and CVE-2017-2670:
+ - CVE-2017-2666:
+ Prevent HTTP smuggling attacks by making sure messages do not contain
+ invalid headers.
+ - CVE-2017-2670:
+ Fix possible DoS attack. The websocket non clean close can cause IO
+ thread to get stuck in a loop.
+ (Closes: #864405)
+
+ -- Markus Koschany <apo at debian.org> Tue, 11 Jul 2017 13:37:02 +0200
+
undertow (1.4.8-1) unstable; urgency=medium
* New upstream version 1.4.8.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/undertow.git
More information about the pkg-java-commits
mailing list