Control: tag -1 moreinfo On Sun, Jun 11, 2017 at 23:33:31 +0200, Emmanuel Bourg wrote:
> This is a pre-upload request to unblock jetty9/9.2.22-1. This update fixes > a timing attack in a class checking passwords (no CVE ID has been assigned > yet) > and removes a broken symlink (#857217). > > Note that Jetty 9.2.x is in maintenance mode and receives only critical fixes > from upstream, that's why I'm suggesting to upload a new version (it mostly > consists in the security fix anyway). > Sorry for the delay here, looks like this was overlooked as not tagged properly for a stable update. The diff from the new version contains a lot of irrelevant changes, which makes review more time consuming than it needs to be. Please prepare a targetted fix for #857217 instead. Thanks, Julien
