Accepted jetty9 9.4.16-0+deb10u2 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted jetty9 9.4.16-0+deb10u2 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 21 Aug 2022 22:10:20 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=Bd6HdmzMgftTqfqiHXqCKJ8iWJFjlRbn+NEMthimkgA=; b=Hs6A8dvydAWbfJ1WCn2/sOLFYC VkT2dheJWpN3tjA2s+4/HKHN6RCi1vh8NlSdzkZoYa4acqUa4Rhm+hPCCtJgOgxdPGlTYw6W1fPcP rU0WLQthISMKtuBnLmOlTUHx8TC7hu6jfAb1KweyxeZXMc0b+p4eABRgjZ1I2JlnzAgqKCJo+Rpp/ AqccNNnYgXfCSedC+R35CDqNUXVHd/MmJrrlraKeaHOtYGwgiq6gshUCsRcGy5M802EX+7awRfSJb Ux9WhWugfmuZ6+Gcs4iWg33G9sL+c8KV3cPRdqyjNmSAd4eABtaCchp0153QYRhFOlkCMwdOqC74F o6SbCYYA==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1oPt9A-0002lk-1J@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 21 Aug 2022 23:51:58 CEST
Source: jetty9
Architecture: source
Version: 9.4.16-0+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
af26bd5c47d45a8c48e2974328a8762bd4ca7974 2776 jetty9_9.4.16-0+deb10u2.dsc
8d01acf7203cb7ca42cc08c81aaaf5b886e1a993 50180 jetty9_9.4.16-0+deb10u2.debian.tar.xz
66a8948ad0e2a4724edd34462ad5f35c72df1057 17787 jetty9_9.4.16-0+deb10u2_amd64.buildinfo
Checksums-Sha256:
67d80c7b9cd80c30dc76b226073c05cffd8470ad68bd773fe3c04ab0446476af 2776 jetty9_9.4.16-0+deb10u2.dsc
bc47cecf0b9ffc412fe8980816bb9bf99282a253a1b58dd21dd8ab61a8cd16f1 50180 jetty9_9.4.16-0+deb10u2.debian.tar.xz
221a96e4f477cee0cb4ba357e4478d334b13cd68ff2be9b61d84d1375aa286ac 17787 jetty9_9.4.16-0+deb10u2_amd64.buildinfo
Changes:
jetty9 (9.4.16-0+deb10u2) buster-security; urgency=high
.
* Team upload.
* Fix CVE-2022-2047:
In Eclipse Jetty the parsing of the authority segment of an http scheme
URI, the Jetty HttpURI class improperly detects an invalid input as a
hostname. This can lead to failures in a Proxy scenario.
* Fix CVE-2022-2048:
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid
HTTP/2 request, the error handling has a bug that can wind up not properly
cleaning up the active connections and associated resources. This can lead
to a Denial of Service scenario where there are no enough resources left to
process good requests.
Files:
2cdad2035bb316328385e07abca82aea 2776 java optional jetty9_9.4.16-0+deb10u2.dsc
e6598f14fc090e7e96feda26724ef6fa 50180 java optional jetty9_9.4.16-0+deb10u2.debian.tar.xz
8fcde6775b1c1535058a3bb4b00251de 17787 java optional jetty9_9.4.16-0+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmMCqVhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk/BgQALRjNqLcXYWzJnDGWGbeJYPSj8Eb/J7CuhNk
6NjIq5mSn0N2xnc+SZDLlOWSDNysj+4zE52Rkss+vybYi2bjzfz8TsR2qLAZ5PQY
83EVR0yY74e4r+Beilkl5fG07SHFRm5+xcP7CwSofx6YLoK5FfrEqZipCosFQlse
I/kpSR+t4ijGE+mpgqVns5yZqIEXzl9iMK4lVTKx1+Z9Jxk8sT+0ZPvu+B68mgX+
ynfC+StebWX1QmddX/8dJWHpNvEXjKAC+eKhegJcM95tdo4yHljgInPeIlxj+a6o
ZRmOAP2s4CVHUIhw4bISWr0symie+7omY5hZdnjHKY/4aFfXHN1y6V9A9iZ6kMgn
dsLhnDXKqSQydC9aNLi+ghnZjbK+m69s5JmdsY+hN066bx4pOrsl5bMcrVOE8TyJ
pS2voXEMEmYTc7ZIBIjAcBkJoxAM+2Hn6M6NKJZjh1rGZBBeSkjwzo5IH74nq7he
GGHWL93tyVOKwZdhtQgaKXRj7DaJFrRJTKwaS5PyDWPD7Lg7GDraFxzCCBSnk9pR
Kvc9STD4sULRM+JiiCsB/HRV7XQxDObRAd8QHGkuBzsUKXJ1740Y/vuhBV5sVa4V
YUK7hmDng8TNhuLvVm05a4M3uNV98Nw8VTs3PgxCYWA/vxwtE18KNWkQtGKxyKS0
omVuo92e
=rpPX
-----END PGP SIGNATURE-----