[ubuntu/precise-security] jetty 6.1.24-6ubuntu0.12.04.1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Apr 27 13:03:26 UTC 2012
jetty (6.1.24-6ubuntu0.12.04.1) precise-security; urgency=low
* SECURITY UPDATE: denial of service via many hash collisions
- debian/patches/CVE-2011-4461.patch: limit number of form parameters
to avoid a DoS in modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
- CVE-2011-4461
Date: Mon, 23 Apr 2012 09:26:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/jetty/6.1.24-6ubuntu0.12.04.1
-------------- next part --------------
Format: 1.8
Date: Mon, 23 Apr 2012 09:26:54 -0400
Source: jetty
Binary: libjetty-java libjetty-java-doc libjetty-extra-java libjetty-extra jetty
Architecture: source
Version: 6.1.24-6ubuntu0.12.04.1
Distribution: precise-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
jetty - Java servlet engine and webserver
libjetty-extra - Java servlet engine and webserver -- extra libraries
libjetty-extra-java - Java servlet engine and webserver -- extra libraries
libjetty-java - Java servlet engine and webserver -- core libraries
libjetty-java-doc - Javadoc for the Jetty API
Changes:
jetty (6.1.24-6ubuntu0.12.04.1) precise-security; urgency=low
.
* SECURITY UPDATE: denial of service via many hash collisions
- debian/patches/CVE-2011-4461.patch: limit number of form parameters
to avoid a DoS in modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
- CVE-2011-4461
Checksums-Sha1:
3dc13dd9e227508c11761d139ffcddbac0bc90d3 2724 jetty_6.1.24-6ubuntu0.12.04.1.dsc
0d5672c5d70c068ce34560d39d897c03ab498904 28110 jetty_6.1.24-6ubuntu0.12.04.1.debian.tar.gz
Checksums-Sha256:
d4ed00f4dead2509fc0f99642a111ae58e850b605dd3caa01c3d47a82e1c4509 2724 jetty_6.1.24-6ubuntu0.12.04.1.dsc
8367a16b93c4fd5ac6351afb520c0059191100c1a1681b4b8b56270ea6478960 28110 jetty_6.1.24-6ubuntu0.12.04.1.debian.tar.gz
Files:
94ceb21efb257c5e837fac80db5ab6ce 2724 java optional jetty_6.1.24-6ubuntu0.12.04.1.dsc
3914d5ab1d6b3c4cbf9204088cd8d1af 28110 java optional jetty_6.1.24-6ubuntu0.12.04.1.debian.tar.gz
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
More information about the Precise-changes
mailing list