Accepted jetty 6.1.20-1 (source all amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 06 Sep 2009 23:06:45 +0200
Source: jetty
Binary: libjetty-java libjetty-java-doc libjetty-extra-java libjetty-setuid-java jetty
Architecture: source all amd64
Version: 6.1.20-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Torsten Werner <twerner@debian.org>
Description:
jetty - Java servlet engine and webserver
libjetty-extra-java - Java servlet engine and webserver -- extra libraries
libjetty-java - Java servlet engine and webserver -- core libraries
libjetty-java-doc - Javadoc for the Jetty API
libjetty-setuid-java - Java servlet engine and webserver -- extra libraries
Closes: 425152 452586 454529 454529 458399 498582 527571 527571 528389 528389 530720 540861 543462
Changes:
jetty (6.1.20-1) unstable; urgency=medium
.
[ Niels Thykier ]
* New upstream release.
* Stop using Build-Depends-Indep, since the policy and the build
daemons disagree on when it should be used (Closes: #540861).
* Corrected jetty.install to reflect the move of some license files
in the source tree.
* Bumped to Standard-Versions 3.8.3 - no changes required.
* Updated jetty.post{install,rm} scripts to use "set -e" instead of
passing it to sh.
* Installed "VERSION.txt" as upstream changelog.
* A previous version (6.1.18-1) fixed the following security problems, which
were not mentioned in the changelog: CVE-2007-5613, CVE-2007-5614,
CVE-2007-5615, CVE-2009-1523, and CVE-2009-1524 (see below for more
information).
.
[ Torsten Werner ]
* Set urgency to medium because this version fixes a FTBFS.
.
jetty (6.1.19-2) unstable; urgency=low
.
* Upload to unstable.
.
jetty (6.1.19-1) experimental; urgency=low
.
[ Ludovic Claude ]
* New upstream release fixing a security vulnerability
(cookies are not secure if you are running behind a netscaler).
* Remove the bootstrap patch as it has been added upstream and update
the build to use the new start-daemon component.
* Remove the Build-Depend on quilt as the patch is not needed anymore.
* Add the Maven POM to the package.
* Add a Build-Depends dependency on maven-repo-helper.
* Use mh_installpom and mh_installjar to install the POM and the jar to the
Maven repository.
* Add optional support for web applications located in /usr/share/webapps.
* Add a cron job that cleans up the old log files in /var/log/jetty.
* Register the Javadoc into Debian documentation and put it in a
separate package (libjetty-java-doc).
* Use openjdk-6-jdk for the build; add a Build-Depends on this
package. Required to build the javadoc.
* Update debian/copyright (patch provided by Jan Pascal Vanbest
<janpascal@vanbest.org>).
.
[ Torsten Werner ]
* Add myself to Uploaders.
* Update Standards-Version: 3.8.2.
* Move package libjetty-java-doc to Section: doc.
* Fix init script: check for /etc/default/rcS before reading it.
.
jetty (6.1.18-1) unstable; urgency=low
.
[Ludovic Claude]
* Add myself to Uploaders.
* Change the build dependency on java-gcj to default-jdk.
* Add init.d startup script.
* Add dependencies on ant, libslf4j-java, libxerces2-java, libtomcat6-java
for libjetty-extra-java, add links for the lib folder.
* Add dependency on jsvc to run jetty as a daemon.
* Add the package libjetty-setuid-java for the Setuid module (with native
code).
* Add an index page used when Jetty starts.
* Use latest jasper from Tomcat to provide jsp 2.1 instead of
Glassfish JSP implementation as in the standard distribution.
* Add tools.jar to the classpath to be able to run JSP (Closes: #452586).
* Fix Lintian warnings: add ${misc:Depends} to all Depends.
* Move jetty to main as all its dependencies are in main,
and jetty contains only code that complies with Debian guidelines,
use java section like tomcat6
(Closes: #498582).
* Do not depend on tomcat 5.5 (Closes: #530720, #458399).
* Remove empty prerm and preinst scripts.
* Remove old patches that don't apply anymore.
* Update copyright and remove full text of Apache license.
* Bump up compat to 6 and Standards-Version to 3.8.1.
.
[David Yu]
* New upstream release for jetty
(Closes: #528389, #527571, #454529, #425152).
* Fixed jetty.links. Now delegates install of start.jar to libjetty-java.
.
[ Torsten Werner ]
* fixes several security issues:
- CVE-2007-5613: Cross-site scripting (XSS) vulnerability in Dump Servlet.
- CVE-2007-5614: Quote Sequence vulnerability.
- CVE-2007-5615: CRLF injection vulnerability.
- CVE-2009-1523: Directory traversal vulnerability in the HTTP server in
Mort Bay Jetty.
- CVE-2009-1524: Cross-site scripting (XSS) vulnerability in Mort
Bay Jetty.
(Closes: #454529, #528389, #527571, #543462).
Checksums-Sha1:
cc9fa191dd73d66aedcef05acee5e2d9b1d8016c 1605 jetty_6.1.20-1.dsc
cc2c8784dd9d25be5a89fe3315ef1ab481d0cdba 2051081 jetty_6.1.20.orig.tar.gz
fd0b083a6b199d0aebf6b15f5796f006f4333460 18125 jetty_6.1.20-1.diff.gz
e31651813c90383cb7ddc1cc8069fdfbe082ef5e 769390 libjetty-java_6.1.20-1_all.deb
29182c16ef3ae40947429305ebc251f7d2b34985 745354 libjetty-java-doc_6.1.20-1_all.deb
cf455696221952ccee11e5fb04399792a28fe582 254872 libjetty-extra-java_6.1.20-1_all.deb
4f55ca9d4a04773025e26ab7ba410934f4a6e7d1 848986 jetty_6.1.20-1_all.deb
7642167b67aed0614c2c6eb3f9d92abff97ab4eb 68278 libjetty-setuid-java_6.1.20-1_amd64.deb
Checksums-Sha256:
270ee8453b154f2c9c41e99c14328da7e68eabdfeb1a8bc403e0e8ac4cfbc80a 1605 jetty_6.1.20-1.dsc
213a436999ce5614869a359335c834a7dbb61c4aa94e018e9a801fbc59ffcb49 2051081 jetty_6.1.20.orig.tar.gz
dce11b30abcfda11e9b943d3d5cdf560018c020b411e33b42fd1851fa9dbb1fa 18125 jetty_6.1.20-1.diff.gz
70a60804575b8fd95d730a29d5990140d09a7c046a3fccd13064d1590344bdc4 769390 libjetty-java_6.1.20-1_all.deb
00ac7ffc3c7df0a0ad539c36e65dc8043d62a199c29c200bcff999c5b17b3922 745354 libjetty-java-doc_6.1.20-1_all.deb
2139cb11284b339c8c88f94c3dba37fd30696896edad54caddd534437935342e 254872 libjetty-extra-java_6.1.20-1_all.deb
fae4889da4f0e8769557943164325ead0e2ba0fc5b01d1845171dc4e4764ec8a 848986 jetty_6.1.20-1_all.deb
5b7e3056d86908840d213320485c73d2fce10fc4b383f3ea8338853e70e94636 68278 libjetty-setuid-java_6.1.20-1_amd64.deb
Files:
6951ff5cd4d591e4ecdc3fde42ce1d8b 1605 java optional jetty_6.1.20-1.dsc
891a807131b74b67e2ebaf3c631614e1 2051081 java optional jetty_6.1.20.orig.tar.gz
c1f0540c34722f8c70001a47525f6c1a 18125 java optional jetty_6.1.20-1.diff.gz
4252291b405972d97b2434e22d99a7ab 769390 java optional libjetty-java_6.1.20-1_all.deb
8aa6ee5712c6ad84057cd0aec4223740 745354 doc optional libjetty-java-doc_6.1.20-1_all.deb
20fe0fb192e5a6b7b98abc0e692f5a8d 254872 java optional libjetty-extra-java_6.1.20-1_all.deb
508bf888d8d5f68e6320c5dafdc39541 848986 java optional jetty_6.1.20-1_all.deb
4084484c2e3bd42fd01199f6d1c9986e 68278 java optional libjetty-setuid-java_6.1.20-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqkJ2MACgkQfY3dicTPjsOt4ACgjKmi/dkLbrgo+WbHmryTATFG
/VkAn2OKy6HFaZe6ChA28efD7B+fa26S
=vKvG
-----END PGP SIGNATURE-----
Accepted:
jetty_6.1.20-1.diff.gz
to pool/main/j/jetty/jetty_6.1.20-1.diff.gz
jetty_6.1.20-1.dsc
to pool/main/j/jetty/jetty_6.1.20-1.dsc
jetty_6.1.20-1_all.deb
to pool/main/j/jetty/jetty_6.1.20-1_all.deb
jetty_6.1.20.orig.tar.gz
to pool/main/j/jetty/jetty_6.1.20.orig.tar.gz
libjetty-extra-java_6.1.20-1_all.deb
to pool/main/j/jetty/libjetty-extra-java_6.1.20-1_all.deb
libjetty-java-doc_6.1.20-1_all.deb
to pool/main/j/jetty/libjetty-java-doc_6.1.20-1_all.deb
libjetty-java_6.1.20-1_all.deb
to pool/main/j/jetty/libjetty-java_6.1.20-1_all.deb
libjetty-setuid-java_6.1.20-1_amd64.deb
to pool/main/j/jetty/libjetty-setuid-java_6.1.20-1_amd64.deb