Your message dated Tue, 25 Aug 2009 09:43:19 +0200 with message-id <4a939617.2060...@thykier.net> and subject line Fixed - just not closed. has caused the Debian Bug report #528389, regarding CVE-2009-1523: Directory traversal vulnerability in the HTTP server in Mort Bay Jetty to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 528389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528389 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: jetty Severity: serious Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for jetty. CVE-2009-1523[0]: | Directory traversal vulnerability in the HTTP server in Mort Bay Jetty | before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote | attackers to access arbitrary files via directory traversal sequences | in the URI. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1523 http://security-tracker.debian.net/tracker/CVE-2009-1523
--- End Message ---
--- Begin Message ---Hi This was fixed in 6.1.19-1, but never closed. The CVE was not in the changelog, however I have filed a new bug asking the jetty uploaders to fix this (#543462). ~Nielssignature.asc
Description: PGP signaturesignature.asc
Description: OpenPGP digital signature
--- End Message ---
_______________________________________________ pkg-java-maintainers mailing list pkg-java-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers