[Git][security-tracker-team/security-tracker][master] CVE-2018-1114,CVE-2017-12196,undertow: Fixed in unstable.
Markus Koschany
apo at debian.org
Sun May 6 20:45:03 BST 2018
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
088d025e by Markus Koschany at 2018-05-06T21:44:30+02:00
CVE-2018-1114,CVE-2017-12196,undertow: Fixed in unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26157,7 +26157,7 @@ CVE-2018-1115
RESERVED
CVE-2018-1114 [File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service]
RESERVED
- - undertow <unfixed> (bug #897247)
+ - undertow 1.4.25-1 (bug #897247)
NOTE: https://issues.jboss.org/browse/UNDERTOW-1338
NOTE: https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
NOTE: https://bugs.openjdk.java.net/browse/JDK-6956385
@@ -44219,7 +44219,7 @@ CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not prope
NOTE: https://github.com/kohsuke/libpam4j/issues/18
NOTE: (Non-upstream) patch: https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
CVE-2017-12196 (undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was ...)
- - undertow <unfixed>
+ - undertow 1.4.25-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503055
NOTE: Fixed by https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
NOTE: See also https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/088d025ede4dec14f5044e3824c344fe2ae01839
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/088d025ede4dec14f5044e3824c344fe2ae01839
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180506/b441cbee/attachment.html>
More information about the debian-security-tracker-commits
mailing list