Your message dated Thu, 4 Sep 2008 19:43:45 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Security issue only apply to Jetty 6.X
has caused the Debian Bug report #462793,
regarding jetty5: CVE-2007-6672 unauthorized disclosure of information
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
462793: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462793
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Source: jetty5
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty5.
CVE-2007-6672[0]:
| Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass
| protection mechanisms and read the source of files via multiple '/'
| (slash) characters in the URI.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6672
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpktBuJbL2vM.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Please see http://docs.codehaus.org/display/JETTY/Jetty+Security
--
Damien Raude-Morvan / www.drazzib.com
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
