Your message dated Tue, 25 Aug 2009 09:43:19 +0200
with message-id <4a939617.2060...@thykier.net>
and subject line Fixed - just not closed.
has caused the Debian Bug report #528389,
regarding CVE-2009-1523: Directory traversal vulnerability in the HTTP server
in Mort Bay Jetty
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
528389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jetty
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.
CVE-2009-1523[0]:
| Directory traversal vulnerability in the HTTP server in Mort Bay Jetty
| before 6.1.17, and 7.0.0.M2 and earlier 7.x versions, allows remote
| attackers to access arbitrary files via directory traversal sequences
| in the URI.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1523
http://security-tracker.debian.net/tracker/CVE-2009-1523
--- End Message ---
--- Begin Message ---
Hi
This was fixed in 6.1.19-1, but never closed. The CVE was not in the
changelog, however I have filed a new bug asking the jetty uploaders to
fix this (#543462).
~Niels
signature.asc
Description: PGP signature
signature.asc
Description: OpenPGP digital signature
--- End Message ---
_______________________________________________
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
