Your message dated Tue, 25 Aug 2009 09:42:32 +0200
with message-id <4a9395e8.1050...@thykier.net>
and subject line Fixed - just not closed.
has caused the Debian Bug report #527571,
regarding CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort Bay
Jetty
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
527571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527571
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: jetty
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.
CVE-2009-1524[0]:
| Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before
| 6.1.17 allows remote attackers to inject arbitrary web script or HTML
| via a directory listing request containing a ; (semicolon) character.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1524
http://security-tracker.debian.net/tracker/CVE-2009-1524
http://jira.codehaus.org/browse/JETTY-1004
http://jira.codehaus.org/browse/JETTY-980
http://www.kb.cert.org/vuls/id/402580
Cheers,
Giuseppe.
--- End Message ---
--- Begin Message ---
Hi
This was fixed in 6.1.19-1, but never closed. The CVE was not in the
changelog, however I have filed a new bug asking the jetty uploaders to
fix this (#543462).
~Niels
signature.asc
Description: OpenPGP digital signature
--- End Message ---
