CVE-2017-12165: It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
CVE-2018-14642: An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.
Please fix them.
The package has not entered testing even though the delay is over
normal
The package has not entered testing even though the 5-day delay is over.Check why.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/u/undertow.png){kind=link}