[Git][security-tracker-team/security-tracker][master] CVE-2024-6762,jetty9: fixed in trixie and unstable since 9.4.54-1
Markus Koschany (@apo)
apo at debian.org
Tue Apr 1 18:41:58 BST 2025
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43939778 by Markus Koschany at 2025-04-01T19:39:25+02:00
CVE-2024-6762,jetty9: fixed in trixie and unstable since 9.4.54-1
This issue has been addressed in 9.4.54-1 by deprecating PushCacheFilter
and PushSessionCacheFilter. I believe the warning is sufficient and no
reverse-dependency is negatively affected by it.
https://github.com/jetty/jetty.project/pull/9716
https://github.com/jetty/jetty.project/pull/10756
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53317,7 +53317,7 @@ CVE-2024-6763 (Eclipse Jetty is a lightweight, highly scalable, Java-based web s
NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh
NOTE: https://github.com/jetty/jetty.project/pull/12012
CVE-2024-6762 (Jetty PushSessionCacheFilter can be exploited by unauthenticated users ...)
- - jetty9 <unfixed> (bug #1085697)
+ - jetty9 9.4.54-1 (bug #1085697)
- jetty <removed>
NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79
NOTE: https://github.com/jetty/jetty.project/pull/9715
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43939778a8192dc09f0871af701cb8204bde9b3b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/43939778a8192dc09f0871af701cb8204bde9b3b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250401/715e6a4e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list