[ubuntu/natty-security] jetty 6.1.24-6ubuntu0.11.04.1 (Accepted)

[Marc Deslauriers]

jetty (6.1.24-6ubuntu0.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service via many hash collisions
    - debian/patches/CVE-2011-4461.patch: limit number of form parameters
      to avoid a DoS in 
modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
      modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
      modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
      modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
      modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
    - CVE-2011-4461

Date: Mon, 23 Apr 2012 09:26:54 -0400
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/jetty/6.1.24-6ubuntu0.11.04.1

Format: 1.8
Date: Mon, 23 Apr 2012 09:26:54 -0400
Source: jetty
Binary: libjetty-java libjetty-java-doc libjetty-extra-java libjetty-extra jetty
Architecture: source
Version: 6.1.24-6ubuntu0.11.04.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description: 
 jetty      - Java servlet engine and webserver
 libjetty-extra - Java servlet engine and webserver -- extra libraries
 libjetty-extra-java - Java servlet engine and webserver -- extra libraries
 libjetty-java - Java servlet engine and webserver -- core libraries
 libjetty-java-doc - Javadoc for the Jetty API
Changes: 
 jetty (6.1.24-6ubuntu0.11.04.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via many hash collisions
     - debian/patches/CVE-2011-4461.patch: limit number of form parameters
       to avoid a DoS in 
modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
       
modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
       modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
       modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
       modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
     - CVE-2011-4461
Checksums-Sha1: 
 88035659244fcd48695c2763bc17022f1ec0298a 2538 jetty_6.1.24-6ubuntu0.11.04.1.dsc
 d5bbcbde7a2fd9774905228a4aa88b87abeefae3 28585 
jetty_6.1.24-6ubuntu0.11.04.1.debian.tar.gz
Checksums-Sha256: 
 1384a9f4611688241e99cea94c55832dd206ac0c5b35e1b1431e166d73e4e7b0 2538 
jetty_6.1.24-6ubuntu0.11.04.1.dsc
 d5117194e8d9667e3eac904e4a259e3b6bcd1115f5111dc85d10164134d51ab9 28585 
jetty_6.1.24-6ubuntu0.11.04.1.debian.tar.gz
Files: 
 96a0858665e1f8b106b155f2d4c65415 2538 java optional 
jetty_6.1.24-6ubuntu0.11.04.1.dsc
 4acf3c1aaff75a3c8b7bf1e5e48b959e 28585 java optional 
jetty_6.1.24-6ubuntu0.11.04.1.debian.tar.gz
Original-Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>

-- 
Natty-changes mailing list
Natty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/natty-changes