Bug#948024: undertow: CVE-2019-19343

Markus Koschany apo at debian.org
Wed Jan 8 22:17:45 GMT 2020


Hi,

On Fri, 03 Jan 2020 13:34:55 +0100 Salvatore Bonaccorso
<carnil at debian.org> wrote:
> Source: undertow
> Severity: important
> Tags: security upstream
> 
> Hi!
> 
> For undertow, there was CVE-2019-19343 assigned, which refers to
> https://bugzilla.redhat.com/show_bug.cgi?id=1780445 only. The provided
> information is a bit scarce, can you try to find out more on upstream
> fixes/issues related to it?
> 
> Regards,
> Salvatore

To me it looks more like an issue in JBoss Remoting

https://issues.redhat.com/browse/JBEAP-16695

One Red Hat employee claims that the fix is in undertow-core version
2.0.26. We have already 2.0.28 and soon 2.0.29 so I think we should mark
undertow as not affected.

Regards,

Markus
