Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted jetty9 9.4.39-1 (source) into unstable
Date: Tue, 13 Apr 2021 22:33:26 +0000
Signed by: Emmanuel Bourg <ebourg@apache.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Apr 2021 00:11:03 +0200
Source: jetty9
Architecture: source
Version: 9.4.39-1
Distribution: unstable
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Changes:
 jetty9 (9.4.39-1) unstable; urgency=high
 .
   * New upstream release
     - Fixed CVE-2021-28163: If a user uses a webapps directory that is a
       symlink, the contents of the webapps directory is deployed as a static
       webapp, inadvertently serving the webapps themselves and anything else
       that might be in that directory.
     - Fixes CVE-2021-28164: The default compliance mode allows requests with
       URIs that contain %2e or %2e%2e segments to access protected resources
       within the WEB-INF directory. This can reveal sensitive information
       regarding the implementation of a web application.
     - Fixes CVE-2021-28165: CPU usage can reach 100% upon receiving a large
       invalid TLS frame.
Checksums-Sha1:
 4fbe4f6a64d8691ff1c5419a0ea093f21a785e94 2624 jetty9_9.4.39-1.dsc
 00c84ba82fe5d5627b7c7a64c4cef9534c62ab13 11146440 jetty9_9.4.39.orig.tar.xz
 d1a83dd7db0fc4fe5d10fba1c4b1b3dfcf3fbf8e 28584 jetty9_9.4.39-1.debian.tar.xz
 2ea6b44f4f6591e8064cd41ce09d312ef07bf83e 16811 jetty9_9.4.39-1_source.buildinfo
Checksums-Sha256:
 38867adccea8670da01d711d4ac1acea0db5a0bbc60cabcc56fc8ccff668215b 2624 jetty9_9.4.39-1.dsc
 8f59dbfd0663b23adca26a01914fa57e7a8cad27d595af457b4dda02d9cfefb3 11146440 jetty9_9.4.39.orig.tar.xz
 3c00a370eb3851cc803292106f04c21eabc2ad57cc4f53cd44241df699ea0f6a 28584 jetty9_9.4.39-1.debian.tar.xz
 a35de27d8ce66000c90dd296b3ad537c51527880fdcdff7fe76c0b43bda351d5 16811 jetty9_9.4.39-1_source.buildinfo
Files:
 81149abf1e4431aa92a8575dfee02b11 2624 java optional jetty9_9.4.39-1.dsc
 9be2d26f25e65b8d223d3546ee848ccc 11146440 java optional jetty9_9.4.39.orig.tar.xz
 f48700acc3f9778076b51a0b9c89a475 28584 java optional jetty9_9.4.39-1.debian.tar.xz
 3ea97a44326df789ac52c4d8a8572618 16811 java optional jetty9_9.4.39-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAmB2F3kSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsZMkP/1D914z2YIerD7YUtjn3fH6S9SltEvfk
1fg8SnsRUy5xYGxR+nVxGmn7VwXZAWSqdfcLa/jELWwWQbMwOdmSj1h6GdOjaW/+
aqJqd1jYifoprwOw67vAFruGpfo7bFfUKIR63krIVOiddkaqcR3DwqP+1vlFleYI
Cx049aub3t+pYM5d4gx47OpWWPq+JRJcpJ1YqUS1OaIdSzK9IqAFSutpokxdnSuy
PU2lRFRjZYECRkGxzjaVbaxxNLos8JLXpeRkFhtIHvOAekesYRxXItmSCx0d7sUN
Pco2TO0AiIJ7fVIg3MiOF84K4SnucrLRSYizGB1FGoYNceWlvF7OZF2KdHP/+kiN
HySg4/D1bHw0ZV/WQxS3dY8LB6GFw3XAIMl5Qt8fdHfIWzm9o+dhxbk2SQm41oo+
1AqBj0ofln/+H75LYlFQ5mZayVGyz8a6lNXfxf21o/py+WRzO6XkMLHPsZIwAZ1A
nLddVhk0WLci5gYMHqXF+gprh/L3DeczgtDYkC5iCAuAQygiyVq9OY4GSfCJt7R3
PHFxAcceH+/+ZmKFU7H9sCO91ia+ZzXKsFzCviBivd+An9bgeKDMinm1CLfF5BBU
yyq5VnOCFLWXQGftFaLi5dRtaoWdaZgiL9429IAshuU9sl8zpiIS7X1JMj8JhUsR
oMpwENolxXKd
=r20u
-----END PGP SIGNATURE-----
News for package jetty9
