Your message dated Fri, 23 Sep 2016 18:21:15 +0000 with message-id <e1bnv63-00013x...@franck.debian.org> and subject line Bug#838600: fixed in undertow 1.4.3-1 has caused the Debian Bug report #838600, regarding undertow: CVE-2016-7046: Long URL proxy request lead to java.nio.BufferOverflowException and DoS to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 838600: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838600 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: undertow Version: 1.4.1-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for undertow. CVE-2016-7046[0]: Long URL proxy request lead to java.nio.BufferOverflowException and DoS If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-7046 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: undertow Source-Version: 1.4.3-1 We believe that the bug you reported is fixed in the latest version of undertow, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 838...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated undertow package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 23 Sep 2016 19:18:11 +0200 Source: undertow Binary: libundertow-java libundertow-java-doc Architecture: source Version: 1.4.3-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libundertow-java - flexible performant web server written in Java libundertow-java-doc - Documentation for Undertow Closes: 838600 Changes: undertow (1.4.3-1) unstable; urgency=medium . * New upstream version 1.4.3. - Fixes CVE-2016-7046. (Closes: #838600) Thanks to Salvatore Bonaccorso for the report. * Switch to compat level 10. * debian/watch: Use version=4. Checksums-Sha1: 5550e9e97a6c4a21e319554b8f35350d1d41e4b1 2665 undertow_1.4.3-1.dsc ec6612a15caaaed566bdb27e69121af1c0e7506e 698272 undertow_1.4.3.orig.tar.xz 576b65a0f8b522f2bd4ec9a6dd67a1606b46e2aa 6208 undertow_1.4.3-1.debian.tar.xz Checksums-Sha256: 916d2a03f9237d6bee34d50c01349e60428302233d84db54b635e39bb7c8b9e9 2665 undertow_1.4.3-1.dsc 2ce6df50fc4041f4fe67246958afed9734d1d606d34e262f9aab41f4f59a817b 698272 undertow_1.4.3.orig.tar.xz 2d078b5625ee0e4c443442feae40af20e21d060500c34ce21ae468c995454abc 6208 undertow_1.4.3-1.debian.tar.xz Files: 05916759950cad50beba8c9d01dafe24 2665 java optional undertow_1.4.3-1.dsc 9649d6c3e8bdec0756ab6e34ac58454f 698272 java optional undertow_1.4.3.orig.tar.xz 8534d0ef04547c0766f7c44e3376e8a1 6208 java optional undertow_1.4.3-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKMBAEBCgB2BQJX5Wc8XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0DxxhcG9AZGViaWFuLm9yZwAKCRDZrRS5UTtR5Hy9D/4t 9giaB8TaQHOnIeL5bC0Rv3I9LhNVb6qdWNsr0Qy0E1u71uFH86IbZbmYpbJSdZKT x4PheRJViN+nUZjCPNNKuVv95OmFcyOvLtKIo/QfrlnZI90AtEv8Yj0MCsnD2ZcT oi195zoS/k9QFwegmiB7z7tgUROVcVzsehv1dIfT7DgHNcmvXqvpJq24sZC2GIMi h7tORoQjMMK7es2T07N8y5SbxaHN0CazjFhIoemk1jRSiUzodmIuvHARlnSMKl05 8tb6YmHwQakmUPt7DaNlYsYtUB0dvAswOUanSHso3Ip8S4zZPqHH4fdkQFWLUpR5 3u9DbVsvXTGvr8lgrNNoMTpLPnOdqPK9x4IjFxBhDcTfGpKws2mORn66CO0GI08H 1R6sitxcqntwUTRBOXqyZ0QfG1CXXeHwRtLIz7dz3/bu7208YEtDAwmefPAaqDsH Je9ep5qdEX/PlhRAkCNCE/361idzy3nQ5wXAnopYwwlUHPpWW8nCj9zF8ymYYmw3 9C937eW8i8JZzw5KE9cIW+lRREa8ZCJM6jISgjuNVNUmmk0DfbpZ9UBBFZqrCDex kBZJRLAoW7PYd3FIRLQ48rMVL1HaRtwFuV+SPhM2xLUNMUZ1+jWhRtVKyLH27bSr LQq2koEQvg8hGBq15euZz1syzxkYT0hnHhoJAk7wwA== =yu0i -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
