Debian 10225 Published by

A jetty8 update has been released for Debian 7 LTS



Package : jetty8
Version : 8.1.3-4+deb7u1
CVE ID : CVE-2017-9735
Debian Bug : 864898

It was discovered that Jetty8, a Java servlet engine and webserver, was
vulnerable to a timing attack which might reveal cryptographic
credentials such as passwords to a local user.

For Debian 7 "Wheezy", these problems have been fixed in version
8.1.3-4+deb7u1.

We recommend that you upgrade your jetty8 packages.
  Jetty8 security update for Debian 7 LTS