Hi,

On Fri, 03 Jan 2020 13:34:55 +0100 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: undertow
> Severity: important
> Tags: security upstream
>
> Hi!
>
> For undertow, there was CVE-2019-19343 assigned, which refers to
> https://bugzilla.redhat.com/show_bug.cgi?id=1780445 only. The provided
> information is a bit scarce, can you try to find out more on upstream
> fixes/issues related to it?
>
> Regards,
> Salvatore

To me it looks more like an issue in JBoss Remoting

https://issues.redhat.com/browse/JBEAP-16695

One Red Hat employee claims that the fix is in undertow-core version 2.0.26. We already have 2.0.28 and soon 2.0.29, so I think we should mark undertow as not affected.

Regards,
Markus