Debian Package Tracker

general

source: undertow (main)
version: 1.4.25-2
maintainer: Debian Java Maintainers (archive) [DMD]
uploaders: Markus Koschany [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

unstable: 1.4.25-2

versioned links

1.4.25-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libundertow-java
libundertow-java-doc

action needed

A new upstream version is available: 2.0.21 high

A new upstream version 2.0.21 is available, you should consider packaging it.

Created: 2018-08-23 Last update: 2019-06-19 06:08

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2019-3888: A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
CVE-2017-12165: It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling.
CVE-2018-14642: An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain data from previous requests.

Please fix them.

Created: 2017-12-14 Last update: 2019-06-16 07:09

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2018-12-09 Last update: 2019-06-19 08:44

lintian reports 24 warnings normal

Lintian reports 24 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2018-04-13 Last update: 2018-12-05 04:53

Multiarch hinter reports 1 issue(s) low

There are issues with the multiarch metadata for this package.

libundertow-java-doc could be marked Multi-Arch: foreign

Created: 2017-11-03 Last update: 2019-06-19 06:09

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2018-12-23 17:15

testing migrations

excuses:
- 197 days old (5 needed)
- Updating undertow introduces new bugs: #903916
- Piuparts tested OK - https://piuparts.debian.org/sid/source/u/undertow.html
- Checking build-dependency on amd64
- Not touching package due to block request by freeze (please contact debian-release if update is needed)
- Not considered

news

[rss feed]

[2018-12-03] Accepted undertow 1.4.25-2 (source) into unstable (Emmanuel Bourg)
[2018-07-30] undertow REMOVED from testing (Debian testing watch)
[2018-05-12] undertow 1.4.25-1 MIGRATED to testing (Debian testing watch)
[2018-05-06] Accepted undertow 1.4.25-1 (source) into unstable (Markus Koschany)
[2018-04-01] undertow 1.4.23-3 MIGRATED to testing (Debian testing watch)
[2018-03-26] Accepted undertow 1.4.23-3 (source) into unstable (Markus Koschany)
[2018-03-25] Accepted undertow 1.4.23-2 (source) into unstable (Markus Koschany)
[2018-03-05] undertow 1.4.23-1 MIGRATED to testing (Debian testing watch)
[2018-03-02] Accepted undertow 1.4.23-1 (source) into unstable (Markus Koschany)
[2018-01-23] undertow 1.4.22-1 MIGRATED to testing (Debian testing watch)
[2018-01-17] Accepted undertow 1.4.22-1 (source) into unstable (Markus Koschany)
[2017-12-09] undertow 1.4.21-2 MIGRATED to testing (Debian testing watch)
[2017-12-03] Accepted undertow 1.4.21-2 (source) into unstable (Markus Koschany)
[2017-11-07] undertow 1.4.21-1 MIGRATED to testing (Debian testing watch)
[2017-11-02] Accepted undertow 1.4.21-1 (source) into unstable (Markus Koschany)
[2017-09-25] undertow 1.4.20-1 MIGRATED to testing (Debian testing watch)
[2017-09-19] Accepted undertow 1.4.20-1 (source) into unstable (Markus Koschany)
[2017-07-15] Accepted undertow 1.4.8-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates (Markus Koschany)
[2017-07-05] undertow 1.4.18-1 MIGRATED to testing (Debian testing watch)
[2017-06-29] Accepted undertow 1.4.18-1 (source) into unstable (Markus Koschany)
[2017-01-02] undertow 1.4.8-1 MIGRATED to testing (Debian testing watch)
[2016-12-22] Accepted undertow 1.4.8-1 (source) into unstable (Markus Koschany)
[2016-12-17] Accepted undertow 1.4.7-1 (source) into unstable (Markus Koschany)
[2016-12-04] undertow 1.4.6-1 MIGRATED to testing (Debian testing watch)
[2016-11-28] Accepted undertow 1.4.6-1 (source) into unstable (Markus Koschany)
[2016-11-04] undertow 1.4.4-1 MIGRATED to testing (Debian testing watch)
[2016-10-29] Accepted undertow 1.4.4-1 (source) into unstable (Markus Koschany)
[2016-09-29] undertow 1.4.3-1 MIGRATED to testing (Debian testing watch)
[2016-09-23] Accepted undertow 1.4.3-1 (source) into unstable (Markus Koschany)
[2016-09-14] undertow 1.4.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 4
RC: 1
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 24)
buildd: logs, clang
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4.25-2