jetty9_9.4.50-4+deb12u2_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Oct 30 20:36:19 GMT 2023
Thank you for your contribution to Debian.
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Oct 2023 00:30:15 CET
Source: jetty9
Architecture: source
Version: 9.4.50-4+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Checksums-Sha1:
2fa634ac200f34079b9e0e05b2ed7256f016285f 2836 jetty9_9.4.50-4+deb12u2.dsc
9bb22cdbbbd6ae4bc26e17ade6996106bd76a8e4 81324 jetty9_9.4.50-4+deb12u2.debian.tar.xz
4c7fe10326d66f758662f0084e7c86b98f23d001 19078 jetty9_9.4.50-4+deb12u2_amd64.buildinfo
Checksums-Sha256:
68ba1c4e001145d096f1451c910bc0dcb605272ef57e5f112be83804502d5423 2836 jetty9_9.4.50-4+deb12u2.dsc
9074d4c3758e9866cb175f7941fecfa21a274dbcee336e3a7d8e2ef841aa86d6 81324 jetty9_9.4.50-4+deb12u2.debian.tar.xz
3f34327f8ef043d6a1ab9d4c39fe123ee10141f9f04c948df169f1bc279d8bff 19078 jetty9_9.4.50-4+deb12u2_amd64.buildinfo
Changes:
jetty9 (9.4.50-4+deb12u2) bookworm-security; urgency=high
.
* Team upload.
* Fix CVE-2023-36478 and CVE-2023-44487:
Two remotely exploitable security vulnerabilities were discovered in Jetty
9, a Java based web server and servlet engine. The HTTP/2 protocol
implementation did not sufficiently verify if HPACK header values exceed
their size limit. Furthermore the HTTP/2 protocol allowed a denial of
service (server resource consumption) because request cancellation can
reset many streams quickly. This problem is also known as Rapid Reset
Attack.
Files:
b4194daa34e0120c9160babaf39a28be 2836 java optional jetty9_9.4.50-4+deb12u2.dsc
871f1f6bf5c59bb1ce97ce32e903d8a9 81324 java optional jetty9_9.4.50-4+deb12u2.debian.tar.xz
b9bcec8fc656ee3d4f589a6b7642e267 19078 java optional jetty9_9.4.50-4+deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmU+63NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkr2MP/3nzzY4ituvas6qvRiMkQaMB4PcZamqhH+8W
Tt44x82wf4VinGZwK9rk+upz/7v2gjuNi87dzy1EKxpcH3zh8wavoN2D6kA59bpp
pptGif3IPda/Amjv5oCDiaYAE1OD2N52O+Z8OdZvO4GDbt4fC9yJ/3Vq6ZDr0Nle
a+TXJA1IY6T8Fkh8ODE7s4Do/VBOY7759GPH7SoVWsG9TiKdHLm6ITkth/Qr3F/4
JWUjBq4sELOGNAAG04ChGoclr6Xm86UTLifdAZsiGU4q4I5j+pJrOL4wY5Fh4Rge
iGsP8cHxE9SPDFIbkJHA0pyysEBfmnH2HNDXHEVVlYNOsedSw+EqScMWSiU7IwDy
QAl93TG3JFJzia3218NVT3OEitx9JqXo+SoX1a/EqXiHkRp4YdungD+jHfK01PcZ
njnCOxmmkDIS1EhqlnyK6ffE4VSr4z9yg3RMrJ1dr7etwlsK7W+Z9n+Gdr4gIeu/
fnVbhgzgGQ+Pl9ga2ByFqS3Bj2bMsMTFC4kCto7yrod5O9f69Uhv3VsZl+30eieV
ClPbPb69Gb1YSNz8J5+Zyv6Cg4M59kUOzsbWXRrntpMhbAA9Txn2jiXv2STWLRzF
WvKXI2E6dutD4UORdGubtRzWpeS8oywIZCA/RE1ofypMicc3BBKwAjkoeeClETRW
5t39CTJK
=tsXX
-----END PGP SIGNATURE-----
More information about the pkg-java-maintainers
mailing list