Hi,

On Fri, 03 Jan 2020 13:34:55 +0100 Salvatore Bonaccorso <[email protected]> wrote:
> Source: undertow
> Severity: important
> Tags: security upstream
>
> Hi!
>
> For undertow, there was CVE-2019-19343 assigned, which refers to
> https://bugzilla.redhat.com/show_bug.cgi?id=1780445 only. The provided
> information is a bit scarce, can you try to find out more on upstream
> fixes/issues related to it?
>
> Regards,
> Salvatore

To me it looks more like an issue in JBoss Remoting

https://issues.redhat.com/browse/JBEAP-16695

One Red Hat employee claims that the fix is in undertow-core version 2.0.26. We already have 2.0.28 and soon 2.0.29, so I think we should mark undertow as not affected.

Regards,

Markus
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
