Package: jetty Severity: important Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-4609[0]: | The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote | attackers to obtain sensitive information about internal variables and | other data via a request to a URI ending in /dump/, as demonstrated by | discovering the value of the getPathTranslated variable. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4609 http://security-tracker.debian.org/tracker/CVE-2009-4609 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkuwcpAACgkQNxpp46476aobpgCfWV1CoarFYK6PhFnBuFeOJaJ0 +TUAnjPBnBbwmTjb2bq1WnAmJ8JVMhp6 =M6CT -----END PGP SIGNATURE----- __ This is the Java team's maintainer address <http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
