Bug#501059: jetty: Should likely not be shipped with Lenny
Moritz Muehlenhoff
jmm at debian.org
Fri Oct 3 18:30:12 UTC 2008
Package: jetty
Severity: serious
When browsing through open security issues in Lenny I noticed that several
Jetty security fixes have been unfixed for quite some time (#454529),
although upstream has posted a patch in July.
Since it's only in contrib, outdated (current upstream releases are 6 and
7), fairly unmaintained (last upload a year ago, unfixed security issue) and
with hardly any users (only three in popcon) we should probably remove
it from Lenny.
(It should be noted that due to Jetty being in contrib it's not
covered by security support, so it doesn't impose additional
security maintenance overhead if left in Lenny).
Cheers,
Moritz
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
More information about the pkg-java-maintainers
mailing list