Your message dated Fri, 03 Jan 2025 16:26:48 +0000
with message-id <e1ttkvc-004bfz...@fasolo.debian.org>
and subject line Bug#1068816: fixed in undertow 2.3.18-1
has caused the Debian Bug report #1068816,
regarding undertow: CVE-2024-1459
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1068816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068816
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: undertow
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerability was published for undertow.
CVE-2024-1459[0]:
| A path traversal vulnerability was found in Undertow. This issue may
| allow a remote attacker to append a specially-crafted sequence to an
| HTTP request for an application deployed to JBoss EAP, which may
| permit access to privileged or restricted files and directories.
The only reference here is at Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=2259475
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-1459
https://www.cve.org/CVERecord?id=CVE-2024-1459
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: undertow
Source-Version: 2.3.18-1
Done: Markus Koschany <a...@debian.org>
We believe that the bug you reported is fixed in the latest version of
undertow, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated undertow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Jan 2025 16:21:53 +0100
Source: undertow
Architecture: source
Version: 2.3.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Closes: 1054893 1063539 1068815 1068816 1068817 1077545 1077547 1082854
Changes:
undertow (2.3.18-1) unstable; urgency=medium
.
* New upstream version 2.3.18
- Fix CVE-2023-3223: (Closes: #1054893)
- Fix CVE-2023-1973: (Closes: #1068815)
- Fix CVE-2023-4639: (Closes: #1063539)
- Fix CVE-2024-1459: (Closes: #1068816)
- Fix CVE-2024-1635: (Closes: #1068817)
- Fix CVE-2024-3653: (Closes: #1077547)
- Fix CVE-2024-5971: (Closes: #1077545)
- Fix CVE-2024-7885: (Closes: #1082854)
* Declare compliance with Debian Policy 4.7.0.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---