Package: jetty Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty.
CVE-2009-1524[0]: | Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before | 6.1.17 allows remote attackers to inject arbitrary web script or HTML | via a directory listing request containing a ; (semicolon) character. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1524 http://security-tracker.debian.net/tracker/CVE-2009-1524 http://jira.codehaus.org/browse/JETTY-1004 http://jira.codehaus.org/browse/JETTY-980 http://www.kb.cert.org/vuls/id/402580 Cheers, Giuseppe. _______________________________________________ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers