[SECURITY] [DLA 1021-1] jetty8 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1021-1] jetty8 security update
From: Markus Koschany <apo@debian.org>
Date: Tue, 11 Jul 2017 13:02:43 +0200
Message-id: <[🔎] e53f1669-3ec9-0ec3-593c-9d8ff313db66@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jetty8
Version        : 8.1.3-4+deb7u1
CVE ID         : CVE-2017-9735
Debian Bug     : 864898

It was discovered that Jetty8, a Java servlet engine and webserver, was
vulnerable to a timing attack which might reveal cryptographic
credentials such as passwords to a local user.

For Debian 7 "Wheezy", these problems have been fixed in version
8.1.3-4+deb7u1.

We recommend that you upgrade your jetty8 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAllksFJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRVFQ/9GuN8tga9XwThYVwupn4TOvqpv0xtR5s/C0IefDAuFkaf+pxbKzdaF+Mt
Jv1X0qBvDvAkxFoWEKpm1d/cgtRCp2ueqI+8CQyoNVYwlq/QiiWv1K+Ms5qD6MTR
90Q2Ns0Imw8OktPSoZDgSrphA/r/VqaTPw7ZWcJgRSh9uSwQ/ADgBJgYV38CLgHx
nzYo2R7YaM5lBhEokx5CUypCoBzIgzzMgQoWNHIiIQpMzq7JQbfsIWPo4pM582gj
rDqtkEsgerBLBx1eHRPt5vCVNPiWGk/0+09QDkmbyPdrE9d663jpUhl0A1lC1OTa
feghCQn6tqSHpTmzPyJVXpSab/0qhnn0/3X09VEyGney6uKs3EAQLLRvOfi6nhJG
nZxWOp8sbgPLgMnl5ynj2YgGhQPHKbRdsPVVtZRmHj9SrCA9bIwCbE8x2pHaOPDi
I4hD4tBkCBb1COrkgMrTUEVvkeQhM2SbvE86zpjKRHTytpdPqW+ACK++z23YH3R1
AsNo+WOWV45wbjRqmcOKJJfsipQPX7loAKDpeXlkhsOleUFQtDthFf7H6elVPp8z
o+LZttkchcFJxGnL/hXu6FoS0MOJeI9YuQsA9CdwnB2YfTMljxdzHgPcNuRhyjZ5
WnvsrY1hdciNAYmDPbsEVr/Zv2VPQDMaxmRpavHkkOD7dPLix84=
=J07d
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1020-1] jetty security update
Next by Date: [SECURITY] [DLA 1022-1] tiff security update
Previous by thread: [SECURITY] [DLA 1020-1] jetty security update
Next by thread: [SECURITY] [DLA 1022-1] tiff security update
Index(es):
- Date
- Thread