On Fri, Mar 02, 2018 at 08:46:51PM +0100, Markus Koschany wrote:
> Control: severity -1 important
> I am no longer sure undertow is affected. The issue is marked resolved
> upstream and one of the fixing commits
> https://github.com/wildfly/wildfly/pull/10748/files
> indicates the bug was in WildFly's undertow extension but not in
> Undertow itself. I keep this bug report open for a little while longer
> until UNDERTOW-1295 is resolved and we get more information about the
> vulnerabilities.

Alright, if that turns out to be indeed in WildFly, then the
security-tracker entry should be changed to a NOT-FOR-US. If you don't
want to loose the triage done now, still adding a note would be good.

Thanks a lot for your investigations!


This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to