Bug#891929: CVE-2018-1047: information disclosure of arbitrary local files

Markus Koschany apo at debian.org
Fri Mar 2 19:46:51 UTC 2018


Control: severity -1 important

I am no longer sure undertow is affected. The issue is marked resolved
upstream and one of the fixing commits

https://github.com/wildfly/wildfly/pull/10748/files

indicates the bug was in WildFly's undertow extension but not in
Undertow itself. I keep this bug report open for a little while longer
until UNDERTOW-1295 is resolved and we get more information about the
vulnerabilities.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20180302/dfdae4bf/attachment-0001.sig>


More information about the pkg-java-maintainers mailing list