Bug#559765: jetty: CVE-2007-6672 info disclosure
Torsten Werner
twerner at debian.org
Mon Dec 7 20:21:14 UTC 2009
tags 559765 + wontfix
thanks
On Mon, Dec 7, 2009 at 5:10 PM, Michael Gilbert
<michael.s.gilbert at gmail.com> wrote:
> changelog notes are not sufficient justification to close a security
> issue. the source needs to be checked against a patch, so please find a
> way to track that down. the easiest way is probably to just ask
> upstream. thanks.
No, I think it is your duty as the bug reporter to prove that the
package is still vulnerable.
Torsten
More information about the pkg-java-maintainers
mailing list