Format: 1.8
Date: Mon, 30 Oct 2023 16:10:27 CET
Source: jetty9
Architecture: source
Version: 9.4.50-4+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 jetty9 (9.4.50-4+deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Backport Jetty 9 version from Bookworm.
   * Fix CVE-2023-36478 and CVE-2023-44487:
     Two remotely exploitable security vulnerabilities were discovered in
     Jetty 9, a Java based web server and servlet engine.
     The HTTP/2 protocol implementation did not sufficiently verify if HPACK
     header values exceed their size limit. Furthermore the HTTP/2 protocol
     allowed a denial of service (server resource consumption) because request
     cancellation can reset many streams quickly. This problem is also known
     as Rapid Reset Attack.