Your message dated Sat, 15 Jul 2017 21:48:43 +0000
with message-id <e1dwuvb-000a9r...@fasolo.debian.org>
and subject line Bug#864405: fixed in undertow 1.4.8-1+deb9u1
has caused the Debian Bug report #864405,
regarding undertow: CVE-2017-2666 CVE-2017-2670
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
864405: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: undertow
Severity: grave
Tags: security

There's no other reference that what Red Hat published here:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666

Upstream needs to be contacted or the patch pulled from their
update.

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: undertow
Source-Version: 1.4.8-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
undertow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 864...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated undertow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jul 2017 13:37:02 +0200
Source: undertow
Binary: libundertow-java libundertow-java-doc
Architecture: source all
Version: 1.4.8-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 libundertow-java - flexible performant web server written in Java
 libundertow-java-doc - Documentation for Undertow
Closes: 864405
Changes:
 undertow (1.4.8-1+deb9u1) stretch-security; urgency=high
 .
   * Fix CVE-2017-2666 and CVE-2017-2670:
     - CVE-2017-2666:
       Prevent HTTP smuggling attacks by making sure messages do not contain
       invalid headers.
     - CVE-2017-2670:
       Fix possible DoS attack. The websocket non clean close can cause IO
       thread to get stuck in a loop.
       (Closes: #864405)
Checksums-Sha1:
 2e16ab23debb026f9505b17a43b855e5937a6301 2725 undertow_1.4.8-1+deb9u1.dsc
 f6ed2e1985dfcae6be76a73e1539b2be045ec1b1 706084 undertow_1.4.8.orig.tar.xz
 145fdbd28398628c00b1683fded4c4d2b5406908 12456 
undertow_1.4.8-1+deb9u1.debian.tar.xz
 f569d4832a090eb538d07354e819a5f6f8627ea4 1091152 
libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 0b7654c3b6b362c33165a8714d2aa9f51636dfee 2464116 
libundertow-java_1.4.8-1+deb9u1_all.deb
 776ffa8299092170231651982f8d179f9e4621db 17258 
undertow_1.4.8-1+deb9u1_all.buildinfo
Checksums-Sha256:
 634faf38edc0c8a3a7958e2b1f264e6a8eef707e536c76cbed1231815c03c3a2 2725 
undertow_1.4.8-1+deb9u1.dsc
 e8da6d0bbe8de5c98121579a9c66a3a5dbf78c658cc8d49918f979bcf4d4bc76 706084 
undertow_1.4.8.orig.tar.xz
 107ed21a1f69440dac6aa902f53e647828e6a0f833e20876448b53b1d48e9cb3 12456 
undertow_1.4.8-1+deb9u1.debian.tar.xz
 3614af195f068ad779558d66e1dcef61672cbc593fe6bb7130c1a31b434e82ee 1091152 
libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 c356cf9a6ab9bda52798de0ef9f4cc95c933956092662eec79ff80864d58ad67 2464116 
libundertow-java_1.4.8-1+deb9u1_all.deb
 1eab1782ea0588244aa8e789751ffc2c211fe68e6f3fd056de27217bea75a74a 17258 
undertow_1.4.8-1+deb9u1_all.buildinfo
Files:
 068ef2a306342656ab3dddee8baed18c 2725 java optional undertow_1.4.8-1+deb9u1.dsc
 0cb50df7c574f61b30572db230e4c88f 706084 java optional 
undertow_1.4.8.orig.tar.xz
 95f4fbe5413ec5a05b016e73499023c8 12456 java optional 
undertow_1.4.8-1+deb9u1.debian.tar.xz
 10d72657e8f0473c5920341b8a9d6dbc 1091152 doc optional 
libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 181f644457c6f2eb08ae5006504f0c17 2464116 java optional 
libundertow-java_1.4.8-1+deb9u1_all.deb
 1a6ba70eff79e6795dc8507e19554213 17258 java optional 
undertow_1.4.8-1+deb9u1_all.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllk9zVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk27YP/RhEaMC0sHLyo60lISJZ+QJFeXCo1GurjHdh
6RiUFigOF7zutRttckST61gAYy9zmR6UWGANJgBQ50gV3w3TgIk+zIT9kBQlRjaU
2prhevZsGLImxc5wot+b/g3ND8N2/RBjZc2AUke23+urA50d0VA3mwdg3sZQVCeV
2HCAdLOelI6ZdSuWq6sUNEVIA8e86tefz1WYiAywyqH969/qT4vb+Sq4o/EfVy6z
awZzKwV/OT51G4NncTQHw19RjjITP7yqlIaY1AfiWa7tWEMfw/+M/6NLKgjKbX/I
Z/W8kji1s1fD91elyOi0PFNMxO1j2YGuOzsAQmf+5SzT2JLcWrMbhzBmlcFFTz7M
AtdNNrhpbvyxt+RVgVVvRmMdejQuDtqwCNMMcDtMNUjfJFeqe0uKXfb+yoDfOq2c
fhqPK0mJggb4LrZ5v1hzpU2Lh+i7D/qnLtlsMKjU3DAHRip0Fio50lAaRiZzgFqt
Opk+CvBHU3UeCK5PyY1Xoso9pSaiUmGAoQJUS82Ca9LqJvcrCsPMmNdlSqsmAaJm
JoTdDf7hkjhJSfxPSMIgjaqHRqeak6IrpmKkTU2Y4kA1B61cOIj3KJdal4r2Jmac
HwK5jJacF+oBAPkTxM8seMkAG8lNXpouAkR3+5tzE3LRqNZJlo5YD7ohp+FV4yB9
3k1dIkoE
=Qspr
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to