diff --git a/.cvsignore b/.cvsignore
index b8974e4..5e1ca9b 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1,2 @@
jetty-5.1.12.fedora.zip
+jetty-5.1.14.fedora.tgz
diff --git a/jetty-CERT438616-CERT237888-CERT21284.patch b/jetty-CERT438616-CERT237888-CERT21284.patch
new file mode 100644
index 0000000..964f047
--- /dev/null
+++ b/jetty-CERT438616-CERT237888-CERT21284.patch
@@ -0,0 +1,178 @@
+Index: src/org/mortbay/http/HttpFields.java
+===================================================================
+RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/http/HttpFields.java,v
+retrieving revision 1.77
+diff -r1.77 HttpFields.java
+1461a1462
+> value=StringUtil.noCRLF(value);
+Index: src/org/mortbay/http/HttpResponse.java
+===================================================================
+RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/http/HttpResponse.java,v
+retrieving revision 1.62
+diff -r1.62 HttpResponse.java
+21a22
+> import java.util.Date;
+22a24
+> import java.util.List;
+462a465,519
+> public void addDateField(String name, Date date)
+> {
+> super.addDateField(sanitize(name),date);
+> }
+>
+> public void addDateField(String name, long date)
+> {
+> super.addDateField(sanitize(name),date);
+> }
+>
+> public void addField(String name, String value) throws IllegalStateException
+> {
+> super.addField(sanitize(name),sanitize(value));
+> }
+>
+> public void addIntField(String name, int value)
+> {
+> super.addIntField(sanitize(name),value);
+> }
+>
+> public void setContentType(String contentType)
+> {
+> super.setContentType(sanitize(contentType));
+> }
+>
+> public void setDateField(String name, Date date)
+> {
+> super.setDateField(sanitize(name),date);
+> }
+>
+> public void setDateField(String name, long date)
+> {
+> super.setDateField(sanitize(name),date);
+> }
+>
+> public void setField(String name, List value)
+> {
+> super.setField(sanitize(name),value);
+> }
+>
+> public String setField(String name, String value)
+> {
+> return super.setField(sanitize(name),sanitize(value));
+> }
+>
+> public void setIntField(String name, int value)
+> {
+> super.setIntField(sanitize(name),value);
+> }
+>
+> private String sanitize(String s)
+> {
+> return StringUtil.noCRLF(s);
+> }
+>
+Index: src/org/mortbay/servlet/Dump.java
+===================================================================
+RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/servlet/Dump.java,v
+retrieving revision 1.42
+diff -r1.42 Dump.java
+46a47
+> import org.mortbay.util.StringUtil;
+169a171,173
+> response.setHeader("Ok","value");
+> response.setHeader("ztu\r\n\r\npid","val\r\n\r\nue");
+> response.addCookie(new Cookie("Stu'pid","val\r\n\r\nue"));
+177c181,198
+< Table table= new Table(0).cellPadding(0).cellSpacing(0);
+---
+> Table table= new Table(0)
+> {
+> public Table addCell(Object o)
+> {
+> if (o!=null && o instanceof String)
+> {
+> String s = (String)o;
+> s=StringUtil.replace(s,"\r\n","
");
+> s=StringUtil.replace(s,"\n","
");
+> s=StringUtil.replace(s,"<","<");
+> s=StringUtil.replace(s,">",">");
+> o=s;
+> }
+> return super.addCell(o);
+> }
+> };
+>
+> table.cellPadding(0).cellSpacing(0);
+360c381
+< table.addCell("
" + toString(request.getAttribute(name)) + ""); +--- +> table.addCell(toString(request.getAttribute(name))); +378c399 +< table.addCell("
" + toString(getInitParameter(name)) + ""); +--- +> table.addCell(toString(getInitParameter(name))); +395c416 +< table.addCell("
" + toString(getServletContext().getInitParameter(name)) + ""); +--- +> table.addCell(toString(getServletContext().getInitParameter(name))); +412c433 +< table.addCell("
" + toString(getServletContext().getAttribute(name)) + ""); +--- +> table.addCell(toString(getServletContext().getAttribute(name))); +435c456 +< table.addCell("
" + multi.getString(parts[p]) + ""); +--- +> table.addCell(multi.getString(parts[p])); +Index: src/org/mortbay/util/StringUtil.java +=================================================================== +RCS file: /cvsroot/jetty/Jetty/src/org/mortbay/util/StringUtil.java,v +retrieving revision 1.16 +diff -r1.16 StringUtil.java +286a287,292 +> +> /* ------------------------------------------------------------ */ +> public static String noCRLF(String s) +> { +> if (s==null || s.length()==0) +> return s; +287a294,334 +> StringBuffer buf = null; +> int i=0; +> loop: +> for (;i