Your message dated Thu, 4 Oct 2007 17:39:27 +0200
with message-id <[EMAIL PROTECTED]>
and subject line jetty should not reenter testing until some security issues have
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: jetty
Version: 5.1.10-2
Severity: grave
Tags: security

Some security issues have been found in jetty 6:

CVE-2006-2759:
jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.

CVE-2006-2758:
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16
allows remote attackers to read arbitrary files via a %2e%2e%5c
(encoded ../) in the URL.

A request to the maintainers to verify that they are not present in jetty 5 has not been answered. Jetty should not reenter testing until these issues are checked.


PS: The changes file of 5.1.10-2 was quite broken, some of the bugs were not marked as closed.



--- End Message ---
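
The two request patterns named in the CVE descriptions above can be flagged in request logs before a path reaches the file system. This is an added example, not part of the original bug report or of Jetty's code; `SCRIPT_EXTENSIONS`, the function names and the sample paths are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

# Assumption: extensions the container hands to a script engine instead of serving raw.
SCRIPT_EXTENSIONS = {".jsp"}

# Constructed sample request paths (not taken from any real log).
SAMPLE_PATHS = [
    "/index.jsp",
    "/index.jsP",
    "/docs/readme.txt",
    "/%2e%2e%5cexample.txt",
    "/%252e%252e%255cexample.txt",
]


def decode_fully(path, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is unwrapped too."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(raw_path):
    """Return the set of findings for one request path."""
    findings = set()
    path_only = raw_path.split("?", 1)[0]  # ignore any query string
    # Treat backslash as a separator, as a Windows file system would.
    unified = decode_fully(path_only).replace("\\", "/")
    segments = unified.split("/")
    # A dot-dot segment that only appears after decoding/normalising is suspicious.
    if ".." in segments:
        findings.add("traversal")
    # An extension that matches a script extension only when case is ignored
    # may be served as plain source by a case-sensitive handler mapping.
    ext = posixpath.splitext(segments[-1])[1]
    if ext.lower() in SCRIPT_EXTENSIONS and ext not in SCRIPT_EXTENSIONS:
        findings.add("mixed-case-extension")
    return findings


def scan(paths):
    """Return (path, sorted findings) for every path with at least one finding."""
    return [(p, sorted(classify(p))) for p in paths if classify(p)]
```
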
--- Begin Message ---
Hi,
after talking with upstream about this issue it turned out 
that 5.1.10 is not affected by this problem.
Closing this bug then.
Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


--- End Message ---
_______________________________________________
pkg-java-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers