Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libjetty-extra-dbgsym": "6.1.26-1ubuntu1.2", "libjetty-java-doc": "6.1.26-1ubuntu1.2", "jetty": "6.1.26-1ubuntu1.2", "libjetty-extra-java": "6.1.26-1ubuntu1.2", "libjetty-java": "6.1.26-1ubuntu1.2", "libjetty-extra": "6.1.26-1ubuntu1.2" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "libjetty-extra-dbgsym": "6.1.26-5ubuntu0.1", "libjetty-java-doc": "6.1.26-5ubuntu0.1", "libjetty-extra-java": "6.1.26-5ubuntu0.1", "libjetty-java": "6.1.26-5ubuntu0.1", "libjetty-extra": "6.1.26-5ubuntu0.1" } ] }