Bug#864631: stretch-pu: jetty9/9.2.22-1

To: Emmanuel Bourg <ebourg@apache.org>, 864631@bugs.debian.org
Subject: Bug#864631: stretch-pu: jetty9/9.2.22-1
From: Julien Cristau <jcristau@debian.org>
Date: Sat, 2 Dec 2017 17:47:45 +0100
Message-id: <[🔎] 20171202164745.qewcpzwqq7r62lag@betterave.cristau.org>
Reply-to: Julien Cristau <jcristau@debian.org>, 864631@bugs.debian.org
In-reply-to: <149721681191.22399.6346721143072384694.reportbug@icare.ariane-software.com>
References: <149721681191.22399.6346721143072384694.reportbug@icare.ariane-software.com> <149721681191.22399.6346721143072384694.reportbug@icare.ariane-software.com>

Control: tag -1 moreinfo

On Sun, Jun 11, 2017 at 23:33:31 +0200, Emmanuel Bourg wrote:

> This is a pre-upload request to unblock jetty9/9.2.22-1. This update fixes
> a timing attack in a class checking passwords (no CVE ID has been assigned yet)
> and removes a broken symlink (#857217).
> 
> Note that Jetty 9.2.x is in maintenance mode and receives only critical fixes
> from upstream, that's why I'm suggesting to upload a new version (it mostly
> consists in the security fix anyway).
> 
Sorry for the delay here, looks like this was overlooked as not tagged
properly for a stable update.

The diff from the new version contains a lot of irrelevant changes,
which makes review more time consuming than it needs to be.  Please
prepare a targetted fix for #857217 instead.

Thanks,
Julien

Reply to:

Prev by Date: Re: golang-github-hanwen-go-fuse bug for stable point release?
Next by Date: Processed: Re: Bug#864631: stretch-pu: jetty9/9.2.22-1
Previous by thread: Re: golang-github-hanwen-go-fuse bug for stable point release?
Next by thread: Processed: Re: Bug#864631: stretch-pu: jetty9/9.2.22-1
Index(es):
- Date
- Thread