Your message dated Sun, 26 Oct 2025 20:46:33 +0000
with message-id <[email protected]>
and subject line Bug#1103966: fixed in undertow 2.3.20-1
has caused the Debian Bug report #1103966,
regarding undertow: should not be part of trixie
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1103966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103966
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: undertow
Version: 2.3.18-2
Severity: serious
X-Debbugs-Cc: [email protected]
undertow is a popular Java webserver and servlet engine but also
regularly affected by security relevant issues which makes it
difficult to maintain. As in previous years I recommend to remove
undertow from the testing distribution because
- undertow has no reverse-dependencies in unstable (only one in
experimental)
- we already ship two excellent Java webservers with tomcat and jetty
This bug report serves as a blocking bug so that undertow gets
automatically removed from testing soon
I will close it again as soon as trixie is officially released.
--- End Message ---
--- Begin Message ---
Source: undertow
Source-Version: 2.3.20-1
Done: Markus Koschany <[email protected]>
We believe that the bug you reported is fixed in the latest version of
undertow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated undertow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 26 Oct 2025 20:56:44 +0100
Source: undertow
Architecture: source
Version: 2.3.20-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 1103966 1117694
Changes:
undertow (2.3.20-1) unstable; urgency=medium
.
* New upstream version 2.3.20.
- Fix CVE-2025-9784: MadeYouReset DoS attack (Closes: #1117694)
* Refresh the patches.
* Let undertow migrate to testing again because the freeze is over.
(Closes: #1103966)
* Add HttpServletResponseImpl-sendRedirect.patch to fix a FTBFS.
Checksums-Sha1:
8e2253aa66a6da444b7acb07db1ca211ed6c0762 2634 undertow_2.3.20-1.dsc
ef2d828933d226637efd9e8f347660b8b7469d81 1369781 undertow_2.3.20.orig.tar.gz
bfc19308616964ac4efe50a90d21aedb981094ff 8036 undertow_2.3.20-1.debian.tar.xz
5dd2d831b2c6e61d1308c3e0f960215d95e5f632 16958
undertow_2.3.20-1_amd64.buildinfo
Checksums-Sha256:
010b05432cbb535252887c73985b86a176ac7cc4bb6b917fe2111460bf8920e2 2634
undertow_2.3.20-1.dsc
636c86d61135e16fed33ee83721cf51800ac3217ef11a296cc593a6834cdaeb4 1369781
undertow_2.3.20.orig.tar.gz
ba3e80095ab10a714a29298b18ae194134da44bc241699866efdadbab8f512c7 8036
undertow_2.3.20-1.debian.tar.xz
1f7d08ba875f8f2b0e59009bdc5d5b0993639bcdb804af9cfdbe85481c19d46b 16958
undertow_2.3.20-1_amd64.buildinfo
Files:
811dc68ce520cabf93da07de3c55c903 2634 java optional undertow_2.3.20-1.dsc
216d8a2c80681f1635a473123470288a 1369781 java optional
undertow_2.3.20.orig.tar.gz
18ec5c845478b4f14c6abdc454f46693 8036 java optional
undertow_2.3.20-1.debian.tar.xz
b245c0b24f8a2dc8dce40b1ec380c57f 16958 java optional
undertow_2.3.20-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmj+ge1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkau4P/0v9sOrDK9MX7RhwSfpizO2FZNuDumPx3/V3
xrV2AXVLhsmIKc4pcX/S4snlDsGzllN5EMQ0N44EKDcrnLxd7dILCIpf09tnOCDg
9DHQY+gib9p5qxZsRuo8l8L6WQ/fPtGKWh05UnGdAxEhsCmUZ8Bg0H4OKgJ1XVgs
cz2xVYAEIfUmXH2ZlqfW6ef10v8yJ3bR+M9JLpQKEqtySqpjoQAkHpfFrRF21nw/
+QnGvLKvWB1PvntGBW8kLaj+Gum+LP0EfCFcJWooyzySgwZYAo26pjAfeGmvY47V
FaaDvbgEUUxqPEenFIS7GUWVvUZc05Uxx4KNzPil8VCcSUGwjeWCL0lky7icJpdF
spmyOMtODGfr4qI9Nvzy3CRAq912KesEDrywhEMVP37ipPEvryDJpNj+9g3PYM7b
fqtBCRMGCzc82hAYtNKN6fmTYLdUvEx0UZyFdVgJ7WZEp/lv8oJbk4HgZ5oLrvv+
RN68JJ3YW6qqB1iFgfb0BywlRUsaQAhzMBpFRNDSjA6HS5M//Qp3H5McMdvO459k
yLAld1oxVSAkG0hlqWs0pUtshAaeva2RHp8w+DcjRtJ5ie4QZrDQKmwc/EVfZVQS
xMbYX1Av/2kCtno0/4qvgb3bplJKc+6bgRS7nckSJ284tgYWTngET6L75/yL6nOS
kX0sLW1+
=vLqu
-----END PGP SIGNATURE-----
pgpCg6Lgwmw0N.pgp
Description: PGP signature
--- End Message ---
