Bug#891929: CVE-2018-1047: information disclosure of arbitrary local files
Markus Koschany
apo at debian.org
Fri Mar 2 19:46:51 UTC 2018
Control: severity -1 important
I am no longer sure undertow is affected. The issue is marked resolved
upstream and one of the fixing commits
https://github.com/wildfly/wildfly/pull/10748/files
indicates the bug was in WildFly's undertow extension but not in
Undertow itself. I keep this bug report open for a little while longer
until UNDERTOW-1295 is resolved and we get more information about the
vulnerabilities.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20180302/dfdae4bf/attachment-0001.sig>
More information about the pkg-java-maintainers
mailing list