[pkg-java] r10300 - trunk/jetty/debian

Torsten Werner twerner at alioth.debian.org
Sun Sep 6 21:03:32 UTC 2009 

Author: twerner
Date: 2009-09-06 21:03:31 +0000 (Sun, 06 Sep 2009)
New Revision: 10300

Modified:
   trunk/jetty/debian/changelog
Log:
* A previous version (6.1.18-1) fixed the following security problems, which
  were not mentioned in the changelog: CVE-2007-5613, CVE-2007-5614,
  CVE-2007-5615, CVE-2009-1523, and CVE-2009-1524 (see below for more
  information).
* fixes several security issues:
  - CVE-2007-5613: Cross-site scripting (XSS) vulnerability in Dump Servlet.
  - CVE-2007-5614: Quote Sequence vulnerability.
  - CVE-2007-5615: CRLF injection vulnerability.
  - CVE-2009-1523: Directory traversal vulnerability in the HTTP server in
  Mort Bay Jetty.
  - CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort
  Bay Jetty.
  (Closes: #454529, #528389, #527571, #543462).

Modified: trunk/jetty/debian/changelog
===================================================================
--- trunk/jetty/debian/changelog	2009-09-06 20:25:50 UTC (rev 10299)
+++ trunk/jetty/debian/changelog	2009-09-06 21:03:31 UTC (rev 10300)
@@ -9,17 +9,10 @@
   * Updated jetty.post{install,rm} scripts to use "set -e" instead of
     passing it to sh.
   * Installed "VERSION.txt" as upstream changelog.
-  * The previous version (6.1.19) fixed the following security problems,
-    which were not mentioned in the changelog:
-    - CVE-2007-5613: Cross-site scripting (XSS) vulnerability in Dump
-    Servlet.
-    - CVE-2007-5614: Quote Sequence vulnerability.
-    - CVE-2007-5615: CRLF injection vulnerability.
-    - CVE-2009-1523: Directory traversal vulnerability in the HTTP
-    server in Mort Bay Jetty.
-    - CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort
-    Bay Jetty.
-    (Closes: #454529, #528389, #527571, #543462).
+  * A previous version (6.1.18-1) fixed the following security problems, which
+    were not mentioned in the changelog: CVE-2007-5613, CVE-2007-5614,
+    CVE-2007-5615, CVE-2009-1523, and CVE-2009-1524 (see below for more
+    information).
 
  -- Niels Thykier <niels at thykier.net>  Sun, 06 Sep 2009 18:52:34 +0200
 
@@ -89,6 +82,17 @@
     (Closes: #528389, #527571, #454529, #425152).
   * Fixed jetty.links. Now delegates install of start.jar to libjetty-java.
 
+  [ Torsten Werner ]
+  * fixes several security issues:
+    - CVE-2007-5613: Cross-site scripting (XSS) vulnerability in Dump Servlet.
+    - CVE-2007-5614: Quote Sequence vulnerability.
+    - CVE-2007-5615: CRLF injection vulnerability.
+    - CVE-2009-1523: Directory traversal vulnerability in the HTTP server in
+    Mort Bay Jetty.
+    - CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort
+    Bay Jetty.
+    (Closes: #454529, #528389, #527571, #543462).
+
  -- Ludovic Claude <ludovic.claude at laposte.net>  Fri, 12 Jun 2009 17:19:08 +0100
 
 jetty (5.1.14-1) unstable; urgency=low

More information about the pkg-java-commits mailing list