Your message dated Tue, 02 Aug 2022 19:46:35 +0200
with message-id <422cc868717105b4f7c2dfbdab16c724d0e64731.ca...@debian.org>
and subject line Re: undertow: CVE-2022-1319 CVE-2021-3629
has caused the Debian Bug report #1016448,
regarding undertow: CVE-2022-1319 CVE-2021-3629
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1016448: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016448
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for undertow.
CVE-2022-1319[0]:
https://bugzilla.redhat.com/show_bug.cgi?id=2073890
CVE-2021-3629[1]:
| A flaw was found in Undertow. A potential security issue in flow
| control handling by the browser over http/2 may potentially cause
| overhead or a denial of service in the server. The highest threat from
| this vulnerability is availability. This flaw affects Undertow
| versions prior to 2.0.40.Final and prior to 2.2.11.Final.
https://bugzilla.redhat.com/show_bug.cgi?id=1977362
Make sure to also address followup tracked as CVE-2022-1259:
https://bugzilla.redhat.com/show_bug.cgi?id=2072339
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-1319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1319
[1] https://security-tracker.debian.org/tracker/CVE-2021-3629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3629
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
According to Red Hat, CVE-2021-3629 was fixed in version 2.2.11. The first
fixing version in Debian was 2.2.12. No further details are available.
See https://bugzilla.redhat.com/show_bug.cgi?id=1977362
CVE-2022-1319 was fixed in 2.2.17
See https://access.redhat.com/errata/RHSA-2022:4918
and the original Red Hat bug report
https://bugzilla.redhat.com/show_bug.cgi?id=2073890
No further details are available.
--- End Message ---