[Git][security-tracker-team/security-tracker][master] Futher research CVE-2018-1067/undertow: Fixed in 1.4.25-1

Sun Jun 3 20:04:10 BST 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66c2a88c by Salvatore Bonaccorso at 2018-06-03T21:03:01+02:00
Futher research CVE-2018-1067/undertow: Fixed in 1.4.25-1

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -29249,10 +29249,11 @@ CVE-2018-1068 (A flaw was found in the Linux 4.x kernel's implementation of 32-b
 	NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
 	NOTE: non-standard setups
 CVE-2018-1067 (In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the ...)
-	- undertow <unfixed> (bug #900323)
+	- undertow 1.4.25-1 (bug #900323)
 	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
 	NOTE: https://issues.jboss.org/browse/UNDERTOW-1302
 	NOTE: Issue is incomplete fix for CVE-2016-4993
+	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/85d4478e598105fe94ac152d3e11e388374e8b86 (1.4.25.Final)
 CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer ...)
 	{DSA-4188-1 DSA-4187-1}
 	- linux 4.11.6-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66c2a88cec2738a7d7c40d0b3688ef703e1a34d3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/66c2a88cec2738a7d7c40d0b3688ef703e1a34d3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180603/9c484053/attachment-0001.html>
