Bug#559765: jetty: CVE-2007-6672 info disclosure
Michael Gilbert
michael.s.gilbert at gmail.com
Mon Dec 7 16:10:59 UTC 2009
reopen 559765
thanks
On Mon, 07 Dec 2009 10:38:07 +0100, Niels Thykier wrote:
> I found the upstream bug report[1] where upstream say they have fixed it
> in 6.1.7 (and provide a fix for earlier versions as well) - I saw no
> reason to doubt this.
changelog notes are not sufficient justification to close a security
issue. the source needs to be checked against a patch, so please find a
way to track that down. the easiest way is probably to just ask
upstream. thanks.
mike
More information about the pkg-java-maintainers
mailing list