Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted jetty9 9.4.50-4+deb12u2 (source) into stable-security
Date: Mon, 30 Oct 2023 19:44:37 +0000
Signed by: Markus Koschany <apo@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 30 Oct 2023 00:30:15 CET
Source: jetty9
Architecture: source
Version: 9.4.50-4+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 2fa634ac200f34079b9e0e05b2ed7256f016285f 2836 jetty9_9.4.50-4+deb12u2.dsc
 9bb22cdbbbd6ae4bc26e17ade6996106bd76a8e4 81324 jetty9_9.4.50-4+deb12u2.debian.tar.xz
 4c7fe10326d66f758662f0084e7c86b98f23d001 19078 jetty9_9.4.50-4+deb12u2_amd64.buildinfo
Checksums-Sha256:
 68ba1c4e001145d096f1451c910bc0dcb605272ef57e5f112be83804502d5423 2836 jetty9_9.4.50-4+deb12u2.dsc
 9074d4c3758e9866cb175f7941fecfa21a274dbcee336e3a7d8e2ef841aa86d6 81324 jetty9_9.4.50-4+deb12u2.debian.tar.xz
 3f34327f8ef043d6a1ab9d4c39fe123ee10141f9f04c948df169f1bc279d8bff 19078 jetty9_9.4.50-4+deb12u2_amd64.buildinfo
Changes:
 jetty9 (9.4.50-4+deb12u2) bookworm-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2023-36478 and CVE-2023-44487:
     Two remotely exploitable security vulnerabilities were discovered in Jetty
     9, a Java based web server and servlet engine. The HTTP/2 protocol
     implementation did not sufficiently verify if HPACK header values exceed
     their size limit. Furthermore the HTTP/2 protocol allowed a denial of
     service (server resource consumption) because request cancellation can
     reset many streams quickly. This problem is also known as Rapid Reset
     Attack.
Files:
 b4194daa34e0120c9160babaf39a28be 2836 java optional jetty9_9.4.50-4+deb12u2.dsc
 871f1f6bf5c59bb1ce97ce32e903d8a9 81324 java optional jetty9_9.4.50-4+deb12u2.debian.tar.xz
 b9bcec8fc656ee3d4f589a6b7642e267 19078 java optional jetty9_9.4.50-4+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmU+63NfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkr2MP/3nzzY4ituvas6qvRiMkQaMB4PcZamqhH+8W
Tt44x82wf4VinGZwK9rk+upz/7v2gjuNi87dzy1EKxpcH3zh8wavoN2D6kA59bpp
pptGif3IPda/Amjv5oCDiaYAE1OD2N52O+Z8OdZvO4GDbt4fC9yJ/3Vq6ZDr0Nle
a+TXJA1IY6T8Fkh8ODE7s4Do/VBOY7759GPH7SoVWsG9TiKdHLm6ITkth/Qr3F/4
JWUjBq4sELOGNAAG04ChGoclr6Xm86UTLifdAZsiGU4q4I5j+pJrOL4wY5Fh4Rge
iGsP8cHxE9SPDFIbkJHA0pyysEBfmnH2HNDXHEVVlYNOsedSw+EqScMWSiU7IwDy
QAl93TG3JFJzia3218NVT3OEitx9JqXo+SoX1a/EqXiHkRp4YdungD+jHfK01PcZ
njnCOxmmkDIS1EhqlnyK6ffE4VSr4z9yg3RMrJ1dr7etwlsK7W+Z9n+Gdr4gIeu/
fnVbhgzgGQ+Pl9ga2ByFqS3Bj2bMsMTFC4kCto7yrod5O9f69Uhv3VsZl+30eieV
ClPbPb69Gb1YSNz8J5+Zyv6Cg4M59kUOzsbWXRrntpMhbAA9Txn2jiXv2STWLRzF
WvKXI2E6dutD4UORdGubtRzWpeS8oywIZCA/RE1ofypMicc3BBKwAjkoeeClETRW
5t39CTJK
=tsXX
-----END PGP SIGNATURE-----
News for package jetty9
