Hi
I have compared the lists for jetty, jetty8 and jetty9.
jetty8 appears first 2012.
jetty9 appears first 2015.
This means that CVE entries before 2012 are not relevant for jetty8 and
before 2015 not relevant for jetty9.
When I look at the open issues for jetty they look identical, but the
res
On 2018-07-03, Ola Lundqvist wrote:
> jetty8 appears first 2012.
> jetty9 appears first 2015.
>
> This means that CVE entries before 2012 are not relevant for jetty8
> and before 2015 not relevant for jetty9.
That's just wrong; for instance, a CVE-2011- first found to affect
jetty7 could very
On 2018-06-29 21:44:36, Roberto C. Sánchez wrote:
[...]
> This does not appear to be a good approach at the moment, given the
> considerable differences between 8.0 and 8.5.
>
> For the time being, it seems like the best approach is to patch the
> current jessie package for the two outstanding CV
On 2018-06-29 03:41:15, Chris Lamb wrote:
> Antoine,
>
>> >> I am not sure why the test suite fails nor why the output varies from
>> >> one build to the next. Once a package is built, however, it passes the
>> >> test suite reliably.
> […]
>> Sure. I guess I see this from the perspective of "does
Le 30/06/2018 à 20:09, Roberto C. Sánchez a écrit :
> I would very much appreciate your guidance on this so that I can get
> tomcat8 in jessie updated.
Hi Roberto,
Thank a lot for helping with the Tomcat maintenance. The error probably
comes from an expired test certificate or a change in OpenSS
