Bug#864405: CVE-2016-2666
Markus Koschany
apo at debian.org
Thu Jun 29 15:42:52 UTC 2017
Control: tags -1 -moreinfo
Control: tags -1 pending
Upstream communication was not really great but I believe the issue was
fixed in 1.4.17.
CVE-2017-2666: https://issues.jboss.org/browse/UNDERTOW-1101
Fixing commit:
https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
CVE-2017-2670: https://issues.jboss.org/browse/UNDERTOW-1035
Fixing commit:
https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
Upload is pending.
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20170629/b0973e2b/attachment.sig>
More information about the pkg-java-maintainers
mailing list