-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : jetty Version : 6.1.26-1+deb7u1 CVE ID : CVE-2017-9735 Debian Bug : 864898
It was discovered that Jetty, a Java servlet engine and webserver, was vulnerable to a timing attack which might reveal cryptographic credentials such as passwords to a local user. For Debian 7 "Wheezy", these problems have been fixed in version 6.1.26-1+deb7u1. We recommend that you upgrade your jetty packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllisxNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSdDBAAg9C8yZ3mV3MzN1MLoPuJkTg+a8lsQ0hRYsC+nPk8YfGsNVbFJOdPkejh w4rzB7bXsjZML/M/koYbNRrEKyPxnz23mqXbrcYBBnvxIMC4NxQXgmHnvf+ZRBgO 6AHL+oj0sAX9CWwq+kf4qs4ChTNbUY7s7ywD7bP2zC0mfEzjmjxtNWy8vRAzaCv4 w7Z3N+Z2LeohrlMx+gyawgnLKvmxIvA1ugfyvJJM5mNqGSo8qDzMO+bUtf6Zl0O9 gZ8dcXNmj7NtZN+GaCUBNB/M5dRzlXF4QcfkDsMRt5N0/a+hO9cHUqB9mQ0ZidQt 3B65yXoS11qYaUVdgXSKl8fjOmll4MNpSlqJkmrajRFaprA7mEA50Sccap9iQ/HL RkI3qCagWMo2Rt+Bz29CZEvXlxyo6z0E0M9jpz0gdGXbAcya83jxgSY9dQR1UqJa yVI58DILzsRO9h5/wNuFfHRXVUOZMZg8ZWZdvN6EHip01gDGNy932WYvXlwvYkRL GWRBlGQon2wzoafPhfbqSEXbUsKN3C2Z9JhalHRm6qItEK6iuhy0Nj66VhQoZUZA jo1UbXDaPY9344Kz84Y4Y0MiUtE+bBm6GO+YAuuGFgsv1cu1ikgCQKX9xxJDAl9V s/cLj5xqxvQDVAF9x69uM1eSSVWr1wu6uH1L+ncIGiDuyERA1rc= =56ID -----END PGP SIGNATURE-----