>> * According to #554874, the comment in jetty.default is wrong, it
>> should say "set it to 0.0.0.0 to listen to all
>> interfaces". I can look further into this and try to close that bug, too.
>
> That would be great yes.

OK, so I'll leave the Eclipse testing to you, and I'll be working on getting this bug and (..)

> As I recall 6.1.22 is supposed to fix a security issue (one of the two
> RC+security bugs); we should have that verified.

(...) these other two bugs.

First, for the real CVE (Bug #553644), this bug affects 6.1.21. Niels had some Fedora patches in pkg-java svn trunk that fixed that bug. I manually checked that these changes are present in 6.1.22 upstream. I'll still do a second round reading the CVE before marking it as pending.

That still leaves the "CVE-that-happened-and-was-solved-before-we-even-packed-that-project" issue. [1] I am tempted to audit the code to close that bug and concurrently do a post in security to ask for some policy decision. I agree there is absolutely no "reasonable doubt" that merits performing such an audit and many projects will fall into that situation. OTOH Torsten has made the case that working on this is a waste of resources (I wonder if security will allow us to downgrade the bug to 'wishlist' and rename it to "audit the code for being really sure CVE-2007-6672 doesn't affect us").

I just don't like reading "Tags: security, wontfix", it might scare away potential users of the package ;-)

Regards,
Pablo

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559765

