Ubuntu
jetty package

Change logs for jetty source package in Precise

Precise (12.04)
Change log

jetty (6.1.24-6ubuntu0.12.04.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via many hash collisions
    - debian/patches/CVE-2011-4461.patch: limit number of form parameters
      to avoid a DoS in modules/jetty/src/main/java/org/mortbay/jetty/Request.java,
      modules/jetty/src/main/java/org/mortbay/jetty/handler/ContextHandler.java,
      modules/jetty/src/test/java/org/mortbay/jetty/RequestTest.java,
      modules/util/src/main/java/org/mortbay/util/UrlEncoded.java,
      modules/util/src/test/java/org/mortbay/util/URLEncodedTest.java.
    - CVE-2011-4461
 -- Marc Deslauriers <email address hidden>   Mon, 23 Apr 2012 09:26:54 -0400

jetty (6.1.24-6) unstable; urgency=medium

  * Removed Depends on JREs for library packages, no longer required
    by the policy.
  * Added missing depends on JREs for the jetty package.
  * Made init script ignore weird exit statuses from logrotate.
    (Closes: 589681, LP: #607202)
  * Fixed broken restart command in jetty init script. Was missing a
    negation.
 -- Benjamin Drung <email address hidden>   Mon, 05 Jul 2010 22:28:14 +0200

Ubuntujetty package

Change logs for jetty source package in Precise

Ubuntu
jetty package