Michael Gilbert schrieb:
it is much more straightforward to simply check that the
existing fix is applied. since you should have a relationship with
upstream, it should be relatively straightforward to get a response
from them.
Upstream states that the package is fixed in version 6.1.7 at
On Tue, 08 Dec 2009 09:26:54 +0100, Torsten Werner wrote:
Michael Gilbert schrieb:
it is much more straightforward to simply check that the
existing fix is applied. since you should have a relationship with
upstream, it should be relatively straightforward to get a response
from them.
this reference may be informative:
http://lists.alioth.debian.org/pipermail/secure-testing-team/2009-May/002394.html
mike
___
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
Processing commands for cont...@bugs.debian.org:
reopen 559765
Bug #559765 {Done: Niels Thykier ni...@thykier.net} [jetty] jetty:
CVE-2007-6672 info disclosure
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator,
reopen 559765
thanks
On Mon, 07 Dec 2009 10:38:07 +0100, Niels Thykier wrote:
I found the upstream bug report[1] where upstream say they have fixed it
in 6.1.7 (and provide a fix for earlier versions as well) - I saw no
reason to doubt this.
changelog notes are not sufficient justification to
Processing commands for cont...@bugs.debian.org:
tags 559765 + wontfix
Bug #559765 [jetty] jetty: CVE-2007-6672 info disclosure
Added tag(s) wontfix.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs
On Mon, 7 Dec 2009 21:21:14 +0100, Torsten Werner wrote:
tags 559765 + wontfix
thanks
On Mon, Dec 7, 2009 at 5:10 PM, Michael Gilbert
michael.s.gilb...@gmail.com wrote:
changelog notes are not sufficient justification to close a security
issue. the source needs to be checked against a
Package: jetty
Version: 6.1.21-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities Exposures) id was
published for jetty.
CVE-2007-6672[0]:
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass
| protection mechanisms and read the source of files via
8 matches
Mail list logo