Back to jetty9 PTS page

Accepted jetty9 9.2.30-0+deb9u2 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted jetty9 9.2.30-0+deb9u2 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 17 Jun 2021 18:20:12 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1ltwce-0007UI-SM@seger.debian.org>
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jun 2021 17:03:04 +0200
Source: jetty9
Binary: libjetty9-java libjetty9-extra-java jetty9
Architecture: source
Version: 9.2.30-0+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 jetty9     - Java servlet engine and webserver
 libjetty9-extra-java - Java servlet engine and webserver -- extra libraries
 libjetty9-java - Java servlet engine and webserver -- core libraries
Changes:
 jetty9 (9.2.30-0+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2021-28169: requests to the ConcatServlet with a doubly encoded
     path may access protected resources within the WEB-INF directory. For
     example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the
     web.xml file. This can reveal sensitive information regarding the
     implementation of a web application.
Checksums-Sha1:
 36e469f2b1fd0afcf4c05709d0ec2ad6e0827bf9 2508 jetty9_9.2.30-0+deb9u2.dsc
 03e9b2b19c3c579a2accd49c2e498cfbe3ec0196 28708 jetty9_9.2.30-0+deb9u2.debian.tar.xz
 bbb3c55194b4ee5059e41a4f04774524016ce26a 16714 jetty9_9.2.30-0+deb9u2_all.buildinfo
Checksums-Sha256:
 6f8580532afee55fd225842f87accf4d9decb298b5ecebb96b7ad5ff9e213a38 2508 jetty9_9.2.30-0+deb9u2.dsc
 1bbba71157d46ad739dfec41ba3a0a608fcef61b337d0fd40e7ec00c5cae42ed 28708 jetty9_9.2.30-0+deb9u2.debian.tar.xz
 2c825fbd68f20dd49ccc7668e7bf4bcdcaba4682b0967e0fd2a219331ee776ba 16714 jetty9_9.2.30-0+deb9u2_all.buildinfo
Files:
 9fe5c9ba8478b70b142ea9d4b1b1bb94 2508 java optional jetty9_9.2.30-0+deb9u2.dsc
 938f690ff6cadd436aaeadaca5a1fbdc 28708 java optional jetty9_9.2.30-0+deb9u2.debian.tar.xz
 3d47f77b9623773aaaf17ac85012ff64 16714 java optional jetty9_9.2.30-0+deb9u2_all.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmDLjacACgkQDTl9HeUl
XjBYHRAAoNdd6DYuIj/nXKRFB3zuyyMajPtn7LwhmwBccIliOESPocAPeUC+hz0E
LRXsD8zQaN+T9/Ovxgcp55TQv/QzTRi5Mu5gSCmnzaS5+Iy0VXV1H0aAwWl+6SU3
Hishy80gXLR6TiV8HWjD4JWjYIQ235mpuLcCHZbyfBSGQfpsNdVTyOEKr+k2/OW9
sHWICviIUjflICY/Xg8I1n0gBoaJSRQ0uLHrAYdte/9Rqi3IBu1aUcIWshCZJsOp
TLTxOdkaeD9Sw5MGwfYGeTAPsJLvkq+Gh7g6QnMact4IFVzhzrF3+ssiNjZW2Tb+
+hBOWFDCm/qJb/y/koxlbmfW/V8DanIhKCND4LW89+Eqe79PLFZeypom796t54ZA
q1MDokX2qz52UIiDYgyVsPlooIUatIHTJCtX1gCQOCj/5DqFszNcYKHCi4ZpKr3k
3kTVRGo5B15nuQJESVG/YfVqBDByqEnq0rKFPpwCTQ3kXUrfRSQJfwLHHaSqlvfS
vG9a0lVSK6yOW2mZzVxLnyjYeJoYScxdps1MUcBobRIa8gLPgaVdW/In8s7Af/LJ
qTb3f6GBnsYO854gPzkF4KUgPuOkAzYEGONqresDetMP+yh6WYjKYXQNE0vDUqIg
3i4p/C+j5l09FD1IvJo6kU0sQcmfqQmQ8sVBa/I60l63O0+oyl8=
=M7Fr
-----END PGP SIGNATURE-----