Hi Markus,

On Wed, Jan 08, 2020 at 11:17:45PM +0100, Markus Koschany wrote:
> Hi,
>
> On Fri, 03 Jan 2020 13:34:55 +0100 Salvatore Bonaccorso
> <[email protected]> wrote:
> > Source: undertow
> > Severity: important
> > Tags: security upstream
> >
> > Hi!
> >
> > For undertow, there was CVE-2019-19343 assigned, which refers to
> > https://bugzilla.redhat.com/show_bug.cgi?id=1780445 only. The provided
> > information is a bit scarce, can you try to find out more on upstream
> > fixes/issues related to it?
> >
> > Regards,
> > Salvatore
>
> To me it looks more like an issue in JBoss Remoting
>
> https://issues.redhat.com/browse/JBEAP-16695
>
> One Red Hat employee claims that the fix is in undertow-core version
> 2.0.26. We have already 2.0.28 and soon 2.0.29 so I think we should mark
> undertow as not affected.

Thanks for looking after it. I have just asked as well on the Red Hat
bug if they can confirm that either a JBoss Remoting specific issue or
if they can point then to the respective fix which was done in
undertow.

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.
