Bug#885576: undertow: CVE-2017-7559: HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)
Markus Koschany
apo at debian.org
Thu Dec 28 17:55:54 UTC 2017
On Thu, 28 Dec 2017 09:55:12 +0100 Salvatore Bonaccorso
<carnil at debian.org> wrote:
> Source: undertow
> Severity: important
> Tags: security
>
> Hi,
>
> the following vulnerability was published for undertow.
>
> There is not much information available if that incomplete fix affects
> us as well. Or which this was fixed upstream. I asked for
> clarification in [1], but might you contact directly as well upstream
> about that?
Hi,
I requested more information about the fix for CVE-2017-12165 in Red
Hat's bug tracker. I couldn't find a recent fixing commit in the
upstream Git repository.
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20171228/f7bfb93f/attachment-0001.sig>
More information about the pkg-java-maintainers
mailing list