Source: jetty9 Version: 9.2.21-1 Severity: important Tags: patch upstream security Forwarded: https://github.com/eclipse/jetty.project/issues/1556
Hi Due to #864631 I realize you are already aware. Filling this bug for tracking purposes since there is no CVE id yet assiged. jetty has a timing channel flaw in Password.java. Upstream bug: https://github.com/eclipse/jetty.project/issues/1556 Regards, Salvatore __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.