jetty9_9.4.39-2_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Jul 3 18:33:33 BST 2021



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Jul 2021 19:09:58 +0200
Source: jetty9
Architecture: source
Version: 9.4.39-2
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Markus Koschany <apo at debian.org>
Closes: 989999 990578
Changes:
 jetty9 (9.4.39-2) unstable; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-28169:
     It is possible for requests to the ConcatServlet with a doubly encoded path
     to access protected resources within the WEB-INF directory. For example a
     request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file.
     This can reveal sensitive information regarding the implementation of a web
     application.
   * Fix CVE-2021-34428:
     If an exception is thrown from the SessionListener#sessionDestroyed()
     method, then the session ID is not invalidated in the session ID manager.
     On deployments with clustered sessions and multiple contexts this can
     result in a session not being invalidated. This can result in an
     application used on a shared computer being left logged in.
 .
     Thanks to Salvatore Bonaccorso for the report. (Closes: #989999, #990578)
Checksums-Sha1:
 243a6085339f97a67f0f6fe22cf457b06fbd673f 2750 jetty9_9.4.39-2.dsc
 dc111ddb55b883e94e7b7466f5c73df91e88b597 34032 jetty9_9.4.39-2.debian.tar.xz
 7298bdfc21d956e57802410a44cb9d86cd669c7d 17328 jetty9_9.4.39-2_amd64.buildinfo
Checksums-Sha256:
 cb3fce4e7d6c62fd8f09c9c30e30902428d638ae01b84dee1c51401a8402ed07 2750 jetty9_9.4.39-2.dsc
 9711465b5e92138bf7e80bcaba62a2289fcc264af72c80c9e62088010a7d2a3c 34032 jetty9_9.4.39-2.debian.tar.xz
 b4fe5aea727b3a1cf21688f5d73aad9ec02525bd7f1d232977959e8e1aca5bd8 17328 jetty9_9.4.39-2_amd64.buildinfo
Files:
 1b9692f19cef994219044cb5bbd055e4 2750 java optional jetty9_9.4.39-2.dsc
 a772caca130c93bd4d9f2f7d60cacf2e 34032 java optional jetty9_9.4.39-2.debian.tar.xz
 0e4723be306d6e0b5b078a4983eb9b3a 17328 java optional jetty9_9.4.39-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.


