Debian Bug report logs - #575789
CVE-2009-4612: Multiple cross-site scripting (XSS) vulnerabilities
Reported by: Giuseppe Iuculano <iuculano@debian.org>
Date: Mon, 29 Mar 2010 09:24:02 UTC
Severity: serious
Tags: security
Fixed in version 6.1.22-1
Done: Giuseppe Iuculano <iuculano@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>: Bug#575789; Package jetty. (Mon, 29 Mar 2010 09:24:05 GMT)
Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 29 Mar 2010 09:24:05 GMT)
Message #5 received at submit@bugs.debian.org:
Package: jetty
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for jetty.
CVE-2009-4612[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP
| Snoop page in Mort Bay Jetty 6.1.x through 6.1.21 allow remote
| attackers to inject arbitrary web script or HTML via the PATH_INFO to
| the default URI under (1) jspsnoop/, (2) jspsnoop/ERROR/, and (3)
| jspsnoop/IOException/, and possibly the PATH_INFO to (4) snoop.jsp.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4612
http://security-tracker.debian.org/tracker/CVE-2009-4612
Reply sent to Giuseppe Iuculano <iuculano@debian.org>: You have taken responsibility. (Mon, 29 Mar 2010 09:45:09 GMT)
Notification sent to Giuseppe Iuculano <iuculano@debian.org>: Bug acknowledged by developer. (Mon, 29 Mar 2010 09:45:10 GMT)
Message #10 received at 575789-done@bugs.debian.org:
Version: 6.1.22-1
Sorry, this was already fixed
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 27 Apr 2010 07:34:03 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:11:08 2019; Machine Name: buxtehude