Your message dated Sun, 20 Aug 2023 22:36:39 +0000 with message-id <e1qxr2f-004ebh...@fasolo.debian.org> and subject line Bug#1033253: fixed in undertow 2.3.8-1 has caused the Debian Bug report #1033253, regarding undertow: CVE-2023-1108 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1033253: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033253 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: undertow X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security Hi, The following vulnerability was published for undertow. CVE-2023-1108[0]: https://issues.redhat.com/browse/UNDERTOW-2239 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-1108 https://www.cve.org/CVERecord?id=CVE-2023-1108 Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---Source: undertow Source-Version: 2.3.8-1 Done: Markus Koschany <a...@debian.org> We believe that the bug you reported is fixed in the latest version of undertow, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1033...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated undertow package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 21 Aug 2023 00:22:37 CEST Source: undertow Architecture: source Version: 2.3.8-1 Distribution: experimental Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Checksums-Sha1: 803ba8c8ceb173c91852cfe02d81c81314de79b3 2627 undertow_2.3.8-1.dsc fc284fa49e9ccdba72041f78ac202f116740f506 1334342 undertow_2.3.8.orig.tar.gz ddaeb279fd1b0f0ebf281ed7a62079a19fce0da6 7476 undertow_2.3.8-1.debian.tar.xz 5d7311506b741a33a135990066dbc3d596bd934f 16326 undertow_2.3.8-1_amd64.buildinfo Checksums-Sha256: ab7311f704237f2e0a36d9841b86680af5a2a463cbe94794ad3c6105b982038c 2627 undertow_2.3.8-1.dsc b82daac52293fded31176ffbc9dbb303f0dd8c2cb2c6acabd77c7799b16f76d0 1334342 undertow_2.3.8.orig.tar.gz ab992b7006165f369465f729b43cea795c4cb45b6141fb05c2458bdc532e1a9d 7476 undertow_2.3.8-1.debian.tar.xz da12386a95798a74fd6a154f698bba4fd24a1b6af09b4bf1568efd9a614b7aa7 16326 undertow_2.3.8-1_amd64.buildinfo Closes: 1026695 1032087 1033253 Changes: undertow (2.3.8-1) experimental; urgency=medium . * New upstream version 2.3.8. - Fix CVE-2022-4492: (Closes: #1032087) - Fix CVE-2023-1108: (Closes: #1033253) - Builds from source again. (Closes: #1026695) * Declare compliance with Debian Policy 4.6.2. * Switch to Jakarta API. * Drop libundertow-java-doc package. Files: a92c7b6905116e2fbea1484a74a81cce 2627 java optional undertow_2.3.8-1.dsc 64dd4f0579d8fdcf57c606932cbc7e5c 1334342 java optional undertow_2.3.8.orig.tar.gz e678dbf8c4fb60ef3ca33388195c7806 7476 java optional undertow_2.3.8-1.debian.tar.xz 22325f9c0816df524af6a3859f918f38 16326 java optional undertow_2.3.8-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmTikjRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk94cP/2fFPP5Z22A3nL745vFgHnEs1li/fU1A1aqG YLPfwFAKAQkg1LgpHkDkeKrCOlTbGfdvRNKklAK/VoZcHMcZmhm32djILfURW7mh jRijCwl0DlZVo3l0+WpDlH8lCTS/tXuqaycVcv9M7XByT0rDDIYjd/n/pQORNmmA dnO2GaZqyIqG8/3OWSiJSlBV5FmM0Y7zKLgfJAeWzv5+hQluzF5ZIiR+u6w6ZYb4 9Qfj+/L06IfANAuLg3iri7aGwDrvBwwuISisEcOqvs6pw8a4sWP9CGnVs8pQd/j9 qKLwwUB5ni6z7lw9t/XzV4+N+sr8CzCqgtLHqVm6s4KQ7yHGDmiD5kBemoigSxRQ k0sZXTEMr8KNxm6uahBCpWi/6hgV4Bqbm5QQaOQMB7xmjuAWWJqNqmwXzbtkQgPT DUHthWPBePxUD4xeEGQYE6icAdDmTulAAwNx7hnE5FAi9XEzwytRq/RsojX/7LeU dCsPv1yPFYrbPatlQX2nq13CMqiQPY72p/ah4t7EPGtXCv0SFOiM3ueLmniHd1eG S6RJffsYzcwA2a4yZ7M2iGu9OTgPCa1esjhHjXCHY5qs3Blxwh30CjH7HUwWKbd1 gNoh8sRxCSUAHXjpzXEmj9Qrg+W2x240zeQNyLGsI+iyfb9IUFzxvGB8XHE9dCvU nythfoBg =NOav -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
