[Secure-testing-team] Bug#864898: jetty9: timing channel in Password.java
Salvatore Bonaccorso
carnil at debian.org
Fri Jun 16 18:48:47 UTC 2017
Source: jetty9
Version: 9.2.21-1
Severity: important
Tags: patch upstream security
Forwarded: https://github.com/eclipse/jetty.project/issues/1556
Hi
Due to #864631 I realize you are already aware. Filling this bug for
tracking purposes since there is no CVE id yet assiged.
jetty has a timing channel flaw in Password.java.
Upstream bug: https://github.com/eclipse/jetty.project/issues/1556
Regards,
Salvatore
More information about the Secure-testing-team
mailing list