[ubuntu/oneiric-security] jetty 6.1.24-6ubuntu0.11.10.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Apr 27 13:03:39 UTC 2012


jetty (6.1.24-6ubuntu0.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service via many hash collisions
    - debian/patches/CVE-2011-4461.patch: limit number of form parameters
      to avoid a DoS in modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
      modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
      modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
      modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
      modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
    - CVE-2011-4461

Date: Mon, 23 Apr 2012 09:26:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/jetty/6.1.24-6ubuntu0.11.10.1
-------------- next part --------------
Format: 1.8
Date: Mon, 23 Apr 2012 09:26:54 -0400
Source: jetty
Binary: libjetty-java libjetty-java-doc libjetty-extra-java libjetty-extra jetty
Architecture: source
Version: 6.1.24-6ubuntu0.11.10.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 jetty      - Java servlet engine and webserver
 libjetty-extra - Java servlet engine and webserver -- extra libraries
 libjetty-extra-java - Java servlet engine and webserver -- extra libraries
 libjetty-java - Java servlet engine and webserver -- core libraries
 libjetty-java-doc - Javadoc for the Jetty API
Changes: 
 jetty (6.1.24-6ubuntu0.11.10.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via many hash collisions
     - debian/patches/CVE-2011-4461.patch: limit number of form parameters
       to avoid a DoS in modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
       modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
       modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
       modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
       modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
     - CVE-2011-4461
Checksums-Sha1: 
 fe3d8a73d47f52dccfe60af31d5b3eebfa9d1960 2538 jetty_6.1.24-6ubuntu0.11.10.1.dsc
 f3f164174afe7d31b571c8137f8fda7848ecc10b 28643 jetty_6.1.24-6ubuntu0.11.10.1.debian.tar.gz
Checksums-Sha256: 
 8c73e4f7d774c0413798816d98b71aed55bddd3da2dff58b13d87161935c7a1d 2538 jetty_6.1.24-6ubuntu0.11.10.1.dsc
 9d45cc2f68ff552b7242949ff5ce6481ca781abc532f1aa4a2be27c7266b9923 28643 jetty_6.1.24-6ubuntu0.11.10.1.debian.tar.gz
Files: 
 008eba762e67786b5e28c0d9d9832af3 2538 java optional jetty_6.1.24-6ubuntu0.11.10.1.dsc
 2479ac734d6c7bb41ea287458d1ba457 28643 java optional jetty_6.1.24-6ubuntu0.11.10.1.debian.tar.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>


More information about the Oneiric-changes mailing list