Register | Log in

undertow

Choose email to subscribe with

general

source: undertow (main)
version: 2.1.3-1
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Markus Koschany [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

testing: 2.1.3-1
unstable: 2.1.3-1

versioned links

2.1.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libundertow-java
libundertow-java-doc

action needed

5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:

CVE-2020-10719: A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
CVE-2020-1757: A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
CVE-2020-10705: A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
CVE-2020-10687:
CVE-2019-14888: A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Please fix them.

Created: 2019-12-20 Last update: 2020-07-06 05:01

5 security issues in bullseye high

There are 5 open security issues in bullseye.

5 important issues:

CVE-2020-10719: A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
CVE-2020-1757: A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
CVE-2020-10705: A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
CVE-2020-10687:
CVE-2019-14888: A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

Please fix them.

Created: 2019-12-20 Last update: 2020-07-06 05:01

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-08-07 Last update: 2020-07-16 12:04

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libundertow-java-doc could be marked Multi-Arch: foreign

Created: 2017-11-03 Last update: 2020-07-16 12:04

news

[2020-06-10] undertow 2.1.3-1 MIGRATED to testing (Debian testing watch)
[2020-06-04] Accepted undertow 2.1.3-1 (source) into unstable (Markus Koschany)
[2020-05-23] undertow 2.1.1-1 MIGRATED to testing (Debian testing watch)
[2020-05-17] Accepted undertow 2.1.1-1 (source) into unstable (Markus Koschany)
[2020-05-08] undertow 2.1.0-1 MIGRATED to testing (Debian testing watch)
[2020-05-03] Accepted undertow 2.1.0-1 (source) into unstable (Markus Koschany)
[2020-03-26] undertow 2.0.30-1 MIGRATED to testing (Debian testing watch)
[2020-03-21] Accepted undertow 2.0.30-1 (source) into unstable (Markus Koschany)
[2020-01-14] undertow 2.0.29-1 MIGRATED to testing (Debian testing watch)
[2020-01-08] Accepted undertow 2.0.29-1 (source) into unstable (Markus Koschany)
[2019-11-23] undertow 2.0.28-1 MIGRATED to testing (Debian testing watch)
[2019-11-17] Accepted undertow 2.0.28-1 (source) into unstable (Markus Koschany)
[2019-10-26] undertow 2.0.27-1 MIGRATED to testing (Debian testing watch)
[2019-10-20] Accepted undertow 2.0.27-1 (source) into unstable (Markus Koschany)
[2019-09-17] undertow 2.0.26-1 MIGRATED to testing (Debian testing watch)
[2019-09-11] Accepted undertow 2.0.26-1 (source) into unstable (Markus Koschany)
[2019-09-01] undertow 2.0.25-1 MIGRATED to testing (Debian testing watch)
[2019-08-26] Accepted undertow 2.0.25-1 (source) into unstable (Markus Koschany)
[2019-08-07] undertow 2.0.23-1 MIGRATED to testing (Debian testing watch)
[2019-08-02] Accepted undertow 2.0.23-1 (source) into unstable (Markus Koschany)
[2018-12-03] Accepted undertow 1.4.25-2 (source) into unstable (Emmanuel Bourg)
[2018-07-30] undertow REMOVED from testing (Debian testing watch)
[2018-05-12] undertow 1.4.25-1 MIGRATED to testing (Debian testing watch)
[2018-05-06] Accepted undertow 1.4.25-1 (source) into unstable (Markus Koschany)
[2018-04-01] undertow 1.4.23-3 MIGRATED to testing (Debian testing watch)
[2018-03-26] Accepted undertow 1.4.23-3 (source) into unstable (Markus Koschany)
[2018-03-25] Accepted undertow 1.4.23-2 (source) into unstable (Markus Koschany)
[2018-03-05] undertow 1.4.23-1 MIGRATED to testing (Debian testing watch)
[2018-03-02] Accepted undertow 1.4.23-1 (source) into unstable (Markus Koschany)
[2018-01-23] undertow 1.4.22-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.1.3-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing