Your message dated Thu, 29 Jun 2017 16:37:22 +0000 with message-id <e1dqcrw-0003of...@fasolo.debian.org> and subject line Bug#864405: fixed in undertow 1.4.18-1 has caused the Debian Bug report #864405, regarding undertow: CVE-2017-2666 CVE-2017-2670 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864405: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864405 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: undertow Severity: grave Tags: security There's no other reference that what Red Hat published here: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2666 Upstream needs to be contacted or the patch pulled from their update. Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: undertow Source-Version: 1.4.18-1 We believe that the bug you reported is fixed in the latest version of undertow, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <a...@debian.org> (supplier of updated undertow package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Jun 2017 18:05:28 +0200 Source: undertow Binary: libundertow-java libundertow-java-doc Architecture: source Version: 1.4.18-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Description: libundertow-java - flexible performant web server written in Java libundertow-java-doc - Documentation for Undertow Closes: 864405 Changes: undertow (1.4.18-1) unstable; urgency=medium . * New upstream version 1.4.18. - Fixes CVE-2017-2666 and CVE-2017-2670. (Closes: #864405) * Declare compliance with Debian Policy 4.0.0. * Use https for Format field. * Ignore zanata-maven-plugin. * Ignore karaf submodule. * Add libmaven-bundle-plugin-java to B-D. * Remove lintian-overrides file. Checksums-Sha1: 204dcb3f4f092264294e563a11a7a4c646da0acd 2730 undertow_1.4.18-1.dsc 52435876e13ed57d0e67848a08e25658031bff8c 725100 undertow_1.4.18.orig.tar.xz c9937efd91b5dfd4eb49d7056b50162f5adbca3b 6324 undertow_1.4.18-1.debian.tar.xz af5ee7e4e0176bdf423d3cb147bfde2a22a5cb9e 16278 undertow_1.4.18-1_amd64.buildinfo Checksums-Sha256: 863c9c94603337155cea05979a08e0913c3ee60c732b9cc0bd29b126e72fc466 2730 undertow_1.4.18-1.dsc 82d71e8fd8698df66bf38a96fd2f6c1396dab181f3d8fe5fe9b7676d2f10edf7 725100 undertow_1.4.18.orig.tar.xz e1be1f288b0ae6767d2402929f4efc29e153473cc6fd09615079bd76aad6503a 6324 undertow_1.4.18-1.debian.tar.xz 5819e5759a8a8459e0d726188c8f8af0db738d1d775a3b7082d9e7c4ea959b2c 16278 undertow_1.4.18-1_amd64.buildinfo Files: f7d36380129641a85f3e447d53808d21 2730 java optional undertow_1.4.18-1.dsc d4b15e50692af2e9c0b112a90a622d52 725100 java optional undertow_1.4.18.orig.tar.xz 3cba573ead712fda189606c95b59e35f 6324 java optional undertow_1.4.18-1.debian.tar.xz 6d1cf0c2785e59a0866236b4d58ae785 16278 java optional undertow_1.4.18-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllVKJZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HknB8P/A+AIlWOEU+btRWf6dQ/o6PEjikn2U2pAgtT SsHuF0e+zvq2rQrJm7jb55qMPbA+e+esCk1PM9YLAtlH0cEZJWjUbGORgZJPKYr6 oQGO6idxy04vk0m5kTy8raziGysNTE8h9OLFcPD8dY8b+75MfMo++m9qx7JqjkZj GslMNG32xi5eGslw8J5dh5zUGdsH2dnTIJXQc9hnPnjt17mmoBaYmhL0qA01ZQUy sz4EO4UVO9uR/b3XizEV4bAbBfWS92w6FQEBYEabQdL2qZ9yzZP8yyA21EFSGc2i EWv1FzVJubZkXCKb5yG+ZVRffydiPvlqEws6xMsZtvMMllLMtuRsynmCzFYGtugA Osjz8blbUshyoMBYpY+yW5v+tJHSnua/70du1D8hfe0iISuNqbQXnapPgu0RBRvo ALJ1H365L9hXLPX83CKYYFmbSB0juNl3p0MBU/tbxgJ33Rkz4vhbPP1gJDUdXxqB b8k78zxWRDJLDlaUbZU69h0Sze78YR/fUCOKJOVDhrDjKKja9MCIbld0RjOaNzsa 3w7Uib9GKRN3hbtGU93qi/8Qx19u8EAu+39y9NHZ6WMZzCjFnouet/tdbyX9hF91 0uaioeWvENjHBOELJIEgLOH2zIakotcHUdta6sF0jn7+oN0H0UmicU6pnUoA8iXZ rhulK4Kq =C7/u -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
