Accepted jetty9 9.4.50-4+deb12u2 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted jetty9 9.4.50-4+deb12u2 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 04 Nov 2023 12:47:08 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: jetty9_9.4.50-4+deb12u2_source.changes
- Debian-source: jetty9
- Debian-suite: proposed-updates
- Debian-version: 9.4.50-4+deb12u2
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qzG3Q-001I7L-26@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Oct 2023 00:30:15 CET
Source: jetty9
Architecture: source
Version: 9.4.50-4+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
2fa634ac200f34079b9e0e05b2ed7256f016285f 2836 jetty9_9.4.50-4+deb12u2.dsc
9bb22cdbbbd6ae4bc26e17ade6996106bd76a8e4 81324 jetty9_9.4.50-4+deb12u2.debian.tar.xz
4c7fe10326d66f758662f0084e7c86b98f23d001 19078 jetty9_9.4.50-4+deb12u2_amd64.buildinfo
Checksums-Sha256:
68ba1c4e001145d096f1451c910bc0dcb605272ef57e5f112be83804502d5423 2836 jetty9_9.4.50-4+deb12u2.dsc
9074d4c3758e9866cb175f7941fecfa21a274dbcee336e3a7d8e2ef841aa86d6 81324 jetty9_9.4.50-4+deb12u2.debian.tar.xz
3f34327f8ef043d6a1ab9d4c39fe123ee10141f9f04c948df169f1bc279d8bff 19078 jetty9_9.4.50-4+deb12u2_amd64.buildinfo
Changes:
jetty9 (9.4.50-4+deb12u2) bookworm-security; urgency=high
.
* Team upload.
* Fix CVE-2023-36478 and CVE-2023-44487:
Two remotely exploitable security vulnerabilities were discovered in Jetty
9, a Java-based web server and servlet engine. The HTTP/2 protocol
implementation did not sufficiently verify if HPACK header values exceed
their size limit. Furthermore, the HTTP/2 protocol allowed a denial of
service (server resource consumption) because request cancellation can
reset many streams quickly. This problem is also known as Rapid Reset
Attack.
Files:
b4194daa34e0120c9160babaf39a28be 2836 java optional jetty9_9.4.50-4+deb12u2.dsc
871f1f6bf5c59bb1ce97ce32e903d8a9 81324 java optional jetty9_9.4.50-4+deb12u2.debian.tar.xz
b9bcec8fc656ee3d4f589a6b7642e267 19078 java optional jetty9_9.4.50-4+deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----