On Mon, Jul 29, 2024 at 09:32:24PM +0200, Moritz Mühlenhoff wrote:
> Source: undertow
> X-Debbugs-CC: [email protected]
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerability was published for undertow.
>
> CVE-2024-6162[0]:
> | A vulnerability was found in Undertow. URL-encoded request path
> | information can be broken for concurrent requests on ajp-listener,
> | causing the wrong path to be processed and resulting in a possible
> | denial of service.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2293069

Hi,

According to CVE-2024-6162 [1] and the release notes for 2.3.14 [2], this CVE was addressed by the upload of 2.3.18 [3].

Are there any concerns with marking the bug as resolved in 2.3.18-1?

Thank you,
tony

[1] https://www.cve.org/CVERecord?id=CVE-2024-6162
[2] https://github.com/undertow-io/undertow/releases/tag/2.3.14.Final
[3] https://tracker.debian.org/news/1600935/accepted-undertow-2318-1-source-into-unstable/
