Your message dated Fri, 02 Mar 2018 20:53:30 +0000
with message-id <e1errgi-000j9x...@fasolo.debian.org>
and subject line Bug#885576: fixed in undertow 1.4.23-1
has caused the Debian Bug report #885576,
regarding undertow: CVE-2017-7559: HTTP Request smuggling vulnerability 
(incomplete fix of CVE-2017-2666)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
885576: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885576
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: undertow
Severity: important
Tags: security

Hi,

the following vulnerability was published for undertow.

There is not much information available if that incomplete fix affects
us as well. Or which this was fixed upstream. I asked for
clarification in [1], but might you contact upstream directly as well
about that?

CVE-2017-7559[0]:
HTTP Request smuggling vulnerability (incomplete fix of CVE-2017-2666)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7559
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7559
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7

Please adjust the affected versions in the BTS as needed; since it is
not yet clear, no affected version was added.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: undertow
Source-Version: 1.4.23-1

We believe that the bug you reported is fixed in the latest version of
undertow, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 885...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated undertow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Fri, 02 Mar 2018 20:29:02 +0100
Source: undertow
Binary: libundertow-java libundertow-java-doc
Architecture: source
Version: 1.4.23-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 libundertow-java - flexible performant web server written in Java
 libundertow-java-doc - Documentation for Undertow
Closes: 885576
Changes:
 undertow (1.4.23-1) unstable; urgency=high
 .
   * New upstream version 1.4.23.
     - Fix CVE-2017-7559: HTTP Request smuggling vulnerability.
       (Closes: #885576)

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.