-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jetty8 Version : 8.1.3-4+deb7u1 CVE ID : CVE-2017-9735 Debian Bug : 864898
It was discovered that Jetty8, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user. For Debian 7 "Wheezy", these problems have been fixed in version 8.1.3-4+deb7u1. We recommend that you upgrade your jetty8 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllksFJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeRVFQ/9GuN8tga9XwThYVwupn4TOvqpv0xtR5s/C0IefDAuFkaf+pxbKzdaF+Mt Jv1X0qBvDvAkxFoWEKpm1d/cgtRCp2ueqI+8CQyoNVYwlq/QiiWv1K+Ms5qD6MTR 90Q2Ns0Imw8OktPSoZDgSrphA/r/VqaTPw7ZWcJgRSh9uSwQ/ADgBJgYV38CLgHx nzYo2R7YaM5lBhEokx5CUypCoBzIgzzMgQoWNHIiIQpMzq7JQbfsIWPo4pM582gj rDqtkEsgerBLBx1eHRPt5vCVNPiWGk/0+09QDkmbyPdrE9d663jpUhl0A1lC1OTa feghCQn6tqSHpTmzPyJVXpSab/0qhnn0/3X09VEyGney6uKs3EAQLLRvOfi6nhJG nZxWOp8sbgPLgMnl5ynj2YgGhQPHKbRdsPVVtZRmHj9SrCA9bIwCbE8x2pHaOPDi I4hD4tBkCBb1COrkgMrTUEVvkeQhM2SbvE86zpjKRHTytpdPqW+ACK++z23YH3R1 AsNo+WOWV45wbjRqmcOKJJfsipQPX7loAKDpeXlkhsOleUFQtDthFf7H6elVPp8z o+LZttkchcFJxGnL/hXu6FoS0MOJeI9YuQsA9CdwnB2YfTMljxdzHgPcNuRhyjZ5 WnvsrY1hdciNAYmDPbsEVr/Zv2VPQDMaxmRpavHkkOD7dPLix84= =J07d -----END PGP SIGNATURE-----
