Hi, some security issues have been found in jetty 6. Please check whether these issues affect jetty in Debian. Maybe CVE-2006-2758 has been fixed in 5.1.10-1?
Thanks for your help.

Cheers,
Stefan

======================================================
Name: CVE-2006-2758
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2758
Phase: Assigned (20060601)
Category:
Reference: SECTRACK:1016168
Reference: URL:http://securitytracker.com/id?1016168

Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL.

======================================================
Name: CVE-2006-2759
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2759
Phase: Assigned (20060601)
Category:
Reference: SECTRACK:1016168
Reference: URL:http://securitytracker.com/id?1016168

jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations.
_______________________________________________
pkg-java-maintainers mailing list
pkg-java-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-java-maintainers
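
The two checks that the CVE descriptions in the message above call for, as an added Java example that is not part of the original message and is not Jetty's code: resolve the decoded request path under the document root, and choose the handler from the lower-cased extension. It assumes Java 11 or later; the class and method names, the `webroot` directory and the sample request paths are constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;

// Added illustration, not Jetty code; all names and sample paths are constructed.
public class RequestPathCheck {

    // Decode once, treat '\' as a separator, resolve under base.
    // Returns null when the request must be refused.
    static Path resolveUnderBase(Path base, String rawPath) {
        try {
            String decoded = URLDecoder.decode(rawPath, StandardCharsets.UTF_8);
            if (decoded.indexOf('\0') >= 0) return null;
            // "%5c" decodes to '\', which some platforms accept as a separator.
            String relative = decoded.replace('\\', '/').replaceFirst("^/+", "");
            Path root = base.toAbsolutePath().normalize();
            Path target = root.resolve(relative).normalize();
            // Element-wise comparison, not a string prefix test.
            return target.startsWith(root) ? target : null;
        } catch (IllegalArgumentException e) {
            // Malformed %-escape or a path the platform rejects.
            return null;
        }
    }

    // Pick the handler from the lower-cased extension so ".jsP" is not
    // treated as a static file and returned as source.
    static boolean isJsp(Path target) {
        Path name = target.getFileName();
        return name != null && name.toString().toLowerCase(Locale.ROOT).endsWith(".jsp");
    }

    static String decide(Path base, String rawPath) {
        Path target = resolveUnderBase(base, rawPath);
        if (target == null) return "refuse";
        return isJsp(target) ? "jsp-engine" : "static-file";
    }

    public static void main(String[] args) {
        Path base = Paths.get("webroot"); // hypothetical document root
        String[] samples = { "/index.html", "/%2e%2e%5cexample.txt", "/hello.jsP" };
        for (String s : samples) {
            System.out.println(s + " -> " + decide(base, s));
        }
    }
}
```

The check works on path names only; it does not follow symbolic links inside the document root.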