Bug#559765: jetty: CVE-2007-6672 info disclosure

2009-12-08 Thread Torsten Werner
Michael Gilbert wrote: it is much more straightforward to simply check that the existing fix is applied. since you should have a relationship with upstream, it should be relatively straightforward to get a response from them. Upstream states that the package is fixed in version 6.1.7 at

Bug#559765: jetty: CVE-2007-6672 info disclosure

2009-12-08 Thread Michael Gilbert
On Tue, 08 Dec 2009 09:26:54 +0100, Torsten Werner wrote: Michael Gilbert wrote: it is much more straightforward to simply check that the existing fix is applied. since you should have a relationship with upstream, it should be relatively straightforward to get a response from them.

Bug#559765: jetty: CVE-2007-6672 info disclosure

2009-12-08 Thread Michael Gilbert
this reference may be informative: http://lists.alioth.debian.org/pipermail/secure-testing-team/2009-May/002394.html mike

Processed: Re: Bug#559765: jetty: CVE-2007-6672 info disclosure

2009-12-07 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: reopen 559765 Bug #559765 {Done: Niels Thykier ni...@thykier.net} [jetty] jetty: CVE-2007-6672 info disclosure thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator,

Bug#559765: jetty: CVE-2007-6672 info disclosure

2009-12-07 Thread Michael Gilbert
reopen 559765 thanks On Mon, 07 Dec 2009 10:38:07 +0100, Niels Thykier wrote: I found the upstream bug report[1] where upstream say they have fixed it in 6.1.7 (and provide a fix for earlier versions as well) - I saw no reason to doubt this. changelog notes are not sufficient justification to

Processed: Re: Bug#559765: jetty: CVE-2007-6672 info disclosure

2009-12-07 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: tags 559765 + wontfix Bug #559765 [jetty] jetty: CVE-2007-6672 info disclosure Added tag(s) wontfix. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs

Bug#559765: jetty: CVE-2007-6672 info disclosure

2009-12-07 Thread Michael Gilbert
On Mon, 7 Dec 2009 21:21:14 +0100, Torsten Werner wrote: tags 559765 + wontfix thanks On Mon, Dec 7, 2009 at 5:10 PM, Michael Gilbert michael.s.gilb...@gmail.com wrote: changelog notes are not sufficient justification to close a security issue. the source needs to be checked against a

Bug#559765: jetty: CVE-2007-6672 info disclosure

2009-12-06 Thread Michael Gilbert
Package: jetty Version: 6.1.21-1 Severity: serious Tags: security Hi, The following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2007-6672[0]: | Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass | protection mechanisms and read the source of files via