Bug#864631: stretch-pu: jetty9/9.2.22-1
Control: tag -1 moreinfo
On Sun, Jun 11, 2017 at 23:33:31 +0200, Emmanuel Bourg wrote:
> This is a pre-upload request to unblock jetty9/9.2.22-1. This update fixes
> a timing attack in a class checking passwords (no CVE ID has been assigned yet)
> and removes a broken symlink (#857217).
>
> Note that Jetty 9.2.x is in maintenance mode and receives only critical fixes
> from upstream, that's why I'm suggesting to upload a new version (it mostly
> consists in the security fix anyway).
>
Sorry for the delay here, looks like this was overlooked as not tagged
properly for a stable update.
The diff from the new version contains a lot of irrelevant changes,
which makes review more time consuming than it needs to be. Please
prepare a targetted fix for #857217 instead.
Thanks,
Julien
Reply to: