Bug#948024: undertow: CVE-2019-19343
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 9 05:48:08 GMT 2020

Hi Markus,

On Wed, Jan 08, 2020 at 11:17:45PM +0100, Markus Koschany wrote:
> Hi,
>
> On Fri, 03 Jan 2020 13:34:55 +0100 Salvatore Bonaccorso
> <carnil at debian.org> wrote:
> > Source: undertow
> > Severity: important
> > Tags: security upstream
> >
> > Hi!
> >
> > For undertow, there was CVE-2019-19343 assigned, which refers to
> > https://bugzilla.redhat.com/show_bug.cgi?id=1780445 only. The provided
> > information is a bit scarce, can you try to find out more on upstream
> > fixes/issues related to it?
> >
> > Regards,
> > Salvatore
>
> To me it looks more like an issue in JBoss Remoting
>
> https://issues.redhat.com/browse/JBEAP-16695
>
> One Red Hat employee claims that the fix is in undertow-core version
> 2.0.26. We have already 2.0.28 and soon 2.0.29 so I think we should mark
> undertow as not affected.

Thanks for looking after it. I have just asked as well on the Red Hat
bug if they can confirm that it is either a JBoss Remoting specific issue or
if they can point then to the respective fix which was done in
undertow.

Regards,
Salvatore