Bug#864405: CVE-2016-2666

Markus Koschany apo at debian.org
Thu Jun 29 15:42:52 UTC 2017


Control: tags -1 -moreinfo
Control: tags -1 pending

Upstream communication was not really great but I believe the issue was
fixed in 1.4.17.

CVE-2017-2666: https://issues.jboss.org/browse/UNDERTOW-1101
Fixing commit:
https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f

CVE-2017-2670: https://issues.jboss.org/browse/UNDERTOW-1035
Fixing commit:
https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d

Upload is pending.

Markus

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20170629/b0973e2b/attachment.sig>


More information about the pkg-java-maintainers mailing list