undertow_1.4.8-1+deb9u1_all.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

Sat Jul 15 21:48:43 UTC 2017

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Jul 2017 13:37:02 +0200
Source: undertow
Binary: libundertow-java libundertow-java-doc
Architecture: source all
Version: 1.4.8-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Description:
 libundertow-java - flexible performant web server written in Java
 libundertow-java-doc - Documentation for Undertow
Closes: 864405
Changes:
 undertow (1.4.8-1+deb9u1) stretch-security; urgency=high
 .
   * Fix CVE-2017-2666 and CVE-2017-2670:
     - CVE-2017-2666:
       Prevent HTTP smuggling attacks by making sure messages do not contain
       invalid headers.
     - CVE-2017-2670:
       Fix possible DoS attack. The websocket non clean close can cause IO
       thread to get stuck in a loop.
       (Closes: #864405)
Checksums-Sha1:
 2e16ab23debb026f9505b17a43b855e5937a6301 2725 undertow_1.4.8-1+deb9u1.dsc
 f6ed2e1985dfcae6be76a73e1539b2be045ec1b1 706084 undertow_1.4.8.orig.tar.xz
 145fdbd28398628c00b1683fded4c4d2b5406908 12456 undertow_1.4.8-1+deb9u1.debian.tar.xz
 f569d4832a090eb538d07354e819a5f6f8627ea4 1091152 libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 0b7654c3b6b362c33165a8714d2aa9f51636dfee 2464116 libundertow-java_1.4.8-1+deb9u1_all.deb
 776ffa8299092170231651982f8d179f9e4621db 17258 undertow_1.4.8-1+deb9u1_all.buildinfo
Checksums-Sha256:
 634faf38edc0c8a3a7958e2b1f264e6a8eef707e536c76cbed1231815c03c3a2 2725 undertow_1.4.8-1+deb9u1.dsc
 e8da6d0bbe8de5c98121579a9c66a3a5dbf78c658cc8d49918f979bcf4d4bc76 706084 undertow_1.4.8.orig.tar.xz
 107ed21a1f69440dac6aa902f53e647828e6a0f833e20876448b53b1d48e9cb3 12456 undertow_1.4.8-1+deb9u1.debian.tar.xz
 3614af195f068ad779558d66e1dcef61672cbc593fe6bb7130c1a31b434e82ee 1091152 libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 c356cf9a6ab9bda52798de0ef9f4cc95c933956092662eec79ff80864d58ad67 2464116 libundertow-java_1.4.8-1+deb9u1_all.deb
 1eab1782ea0588244aa8e789751ffc2c211fe68e6f3fd056de27217bea75a74a 17258 undertow_1.4.8-1+deb9u1_all.buildinfo
Files:
 068ef2a306342656ab3dddee8baed18c 2725 java optional undertow_1.4.8-1+deb9u1.dsc
 0cb50df7c574f61b30572db230e4c88f 706084 java optional undertow_1.4.8.orig.tar.xz
 95f4fbe5413ec5a05b016e73499023c8 12456 java optional undertow_1.4.8-1+deb9u1.debian.tar.xz
 10d72657e8f0473c5920341b8a9d6dbc 1091152 doc optional libundertow-java-doc_1.4.8-1+deb9u1_all.deb
 181f644457c6f2eb08ae5006504f0c17 2464116 java optional libundertow-java_1.4.8-1+deb9u1_all.deb
 1a6ba70eff79e6795dc8507e19554213 17258 java optional undertow_1.4.8-1+deb9u1_all.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllk9zVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk27YP/RhEaMC0sHLyo60lISJZ+QJFeXCo1GurjHdh
6RiUFigOF7zutRttckST61gAYy9zmR6UWGANJgBQ50gV3w3TgIk+zIT9kBQlRjaU
2prhevZsGLImxc5wot+b/g3ND8N2/RBjZc2AUke23+urA50d0VA3mwdg3sZQVCeV
2HCAdLOelI6ZdSuWq6sUNEVIA8e86tefz1WYiAywyqH969/qT4vb+Sq4o/EfVy6z
awZzKwV/OT51G4NncTQHw19RjjITP7yqlIaY1AfiWa7tWEMfw/+M/6NLKgjKbX/I
Z/W8kji1s1fD91elyOi0PFNMxO1j2YGuOzsAQmf+5SzT2JLcWrMbhzBmlcFFTz7M
AtdNNrhpbvyxt+RVgVVvRmMdejQuDtqwCNMMcDtMNUjfJFeqe0uKXfb+yoDfOq2c
fhqPK0mJggb4LrZ5v1hzpU2Lh+i7D/qnLtlsMKjU3DAHRip0Fio50lAaRiZzgFqt
Opk+CvBHU3UeCK5PyY1Xoso9pSaiUmGAoQJUS82Ca9LqJvcrCsPMmNdlSqsmAaJm
JoTdDf7hkjhJSfxPSMIgjaqHRqeak6IrpmKkTU2Y4kA1B61cOIj3KJdal4r2Jmac
HwK5jJacF+oBAPkTxM8seMkAG8lNXpouAkR3+5tzE3LRqNZJlo5YD7ohp+FV4yB9
3k1dIkoE
=Qspr
-----END PGP SIGNATURE-----

Thank you for your contribution to Debian.