Jetty security issue?
Michael Koch
konqueror at gmx.de
Fri Oct 5 05:58:35 UTC 2007
On Thu, Oct 04, 2007 at 08:57:41AM +1000, Greg Wilkins wrote:
> However, if somebody without attitude who knows about
> debian wants to work with me, then I would be VERY please
> to help make non-vulnerable packages of Jetty available
> via debian.
Sorry, if there was any hazzle for you. I'm one of the people working in
the Debian Java Maintainers team. I just uploaded a package of jetty
that includes the patch you posted to fix CVE-2006-6969. Thanks for the
quick reply to this. Thanks very much appreciated.
Jetty is in Debian since a longer time. Problem is that (build-)depends
on non-free runtimes. That is probably the reason why it never got the
love it deserves from a package maintainer. Most people in Debian just
dont care about software that is slightly related to non-free software.
In the last time much happend in FreeJava-world. So this changes slowly.
I will try to put some more love into the jetty package.
Cheers,
Michael
More information about the pkg-java-maintainers
mailing list