Accepted jetty9 9.4.50-4+deb11u1 (source) into oldstable-proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted jetty9 9.4.50-4+deb11u1 (source) into oldstable-proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 04 Nov 2023 12:48:26 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: jetty9_9.4.50-4+deb11u1_source.changes
- Debian-source: jetty9
- Debian-suite: oldstable-proposed-updates
- Debian-version: 9.4.50-4+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=BBwUj8FM/wZ+Ps8e0FdAA+W3Fok5MToYIid262DrDUM=; b=dEzbejHIk7gEoB4Vy38mkqR7DX tJXBHZogKMwcbMeV5g6TKAcaAuq5e4hSb68PG1D9qkQmCArPB1YXAICoyFkxE3AV5aFTwQR8hr+8t 2TlfKiwrVDvo9iyoS4czO5Csd8PdjECavsbK4SHi/i5hXp2ZBrNUMsrBJ+gow/VJYiaoOgSSoVNrb 2erHmwYYDLEDqQUAOw2n5MG12M3zfNnZLWnGndXY92qaY7469+iTeS0yZno7AUL1+sDtGa98MduHD ghHsuGsK5mUYXkN2jigMdmSY4EL++OI3vOFEwO9jYfBoAwnYJSfrP3mJLGV0HeIS7fjrEN+WZ8Oxs yX4iTeZA==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qzG4g-001IJe-WD@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Oct 2023 16:10:27 CET
Source: jetty9
Architecture: source
Version: 9.4.50-4+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
24b2735b16572005b44a8fb776ba2dfaa94aff01 2836 jetty9_9.4.50-4+deb11u1.dsc
07878463bce25adeade6989ca81ecd90d687cdfa 81368 jetty9_9.4.50-4+deb11u1.debian.tar.xz
d00661679e93092c113c95c63738f50cdfa524da 18271 jetty9_9.4.50-4+deb11u1_amd64.buildinfo
Checksums-Sha256:
894175c2fcef55b984adbfa024950ecdbf15b19d436df646d76a4e76b459e171 2836 jetty9_9.4.50-4+deb11u1.dsc
4c76673802a752af1f7a23610006ea11171de20588e68e865f51da744b7ffd37 81368 jetty9_9.4.50-4+deb11u1.debian.tar.xz
0bac2102cdebf062c3d575aa5af7af5dc9702cb4a8286bfdeb40eb8a9cee1ca7 18271 jetty9_9.4.50-4+deb11u1_amd64.buildinfo
Changes:
jetty9 (9.4.50-4+deb11u1) bullseye-security; urgency=high
.
* Team upload.
* Backport Jetty 9 version from Bookworm.
* Fix CVE-2023-36478 and CVE-2023-44487:
Two remotely exploitable security vulnerabilities were discovered in Jetty
9, a Java based web server and servlet engine. The HTTP/2 protocol
implementation did not sufficiently verify if HPACK header values exceed
their size limit. Furthermore the HTTP/2 protocol allowed a denial of
service (server resource consumption) because request cancellation can
reset many streams quickly. This problem is also known as Rapid Reset
Attack.
Files:
feb19c9542e4eceffbf461bac0a8178b 2836 java optional jetty9_9.4.50-4+deb11u1.dsc
ba6c4b895d9e0d3442353390d99c11ef 81368 java optional jetty9_9.4.50-4+deb11u1.debian.tar.xz
6e62c739bc42ba52b6b31741974f8916 18271 java optional jetty9_9.4.50-4+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmU/ygJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkfeUQALmCAKJPFsvsuEXsWgeOY+SCWdg7xAFpkS4t
5H6W/SSlVTFgvIPE31iAU3yCs1RHwlgA0j5WE+Uwr49woAgfxnciL+qj/4iY32Qo
e8wqKr8zZAMwG1gbKQH1sTxwuwyM+FZnZamqsbzZWy2AZNC3XRBxraT9SbrZcEvy
x934k0bK50tv0lJ7Yhh90fco08YnIqWccC0T4jreIyK0Oxp0YzAYlpZp8TEdIwbq
ryokAPZYqTrz2RzkLjJSEaWc642fhANyxOjPztYB9q0lB7bpNGBHBsMrrI8c35D2
kXqzm7WJAWXHs+ZRz1FqMZhnWA2tnptMqLNuWKhcP6AXcn3rWTmaMKir+moJPA84
TAdruVssZiMAU2dv0To0Twq01Myh+SeonI/lV3DhG+s9vQ7cZI79y+T9iMxWCHy2
2TxvD2OCho5S9bALMg/HEaPKuWq+V0ZzzBzJU77aQHji9XtkadkdOkhHJMw3UEMR
THwzbsdPUjICEWiufZOPHi1F/obzzXVBWCEPWs9X9slnWaHLiGQFoRGJfu1dOC+U
093XIv3U+lTO/052C1xyvHFV4NvGD2iY6poUekSB3qD2SSeNBdq6Fb6h7Pn8o/4z
sagqKUnM+MJ53qWZfHOg2tM5ltQ9VKVnJPJqMI/GELy5ZenhMO5LtMQxkIwYVOgI
rYgavj9f
=+e8r
-----END PGP SIGNATURE-----