-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 7 Apr 2024 22:31:45 CEST Source: jetty9 Architecture: source Version: 9.4.50-4+deb12u3 Distribution: bookworm-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 993e3deffc6cdc131b21203814655c6a21940938 2836 jetty9_9.4.50-4+deb12u3.dsc 9e5acac5c2728b421791347629f570b3c061eba1 82528 jetty9_9.4.50-4+deb12u3.debian.tar.xz 870f42a9b318ea1263d3e941f2f41872818aa382 19236 jetty9_9.4.50-4+deb12u3_amd64.buildinfo Checksums-Sha256: d2375925e47595d87e5c5329acac0715af0535469405b529ecd63ca8395f4213 2836 jetty9_9.4.50-4+deb12u3.dsc cec77b64bfd93368377aa9291b100f4e7c18242005e37758ef8a314f0b8e5802 82528 jetty9_9.4.50-4+deb12u3.debian.tar.xz 44f93c184d471a762f0263d26056ace7ce2823aa79b1d70ae45f99878c50bb81 19236 jetty9_9.4.50-4+deb12u3_amd64.buildinfo Changes: jetty9 (9.4.50-4+deb12u3) bookworm-security; urgency=high . * Team upload. * Fix CVE-2024-22201: It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service. Files: 70ae7f71b9d11333338c687dafeaedb2 2836 java optional jetty9_9.4.50-4+deb12u3.dsc 67ce53cc8de4bd0e004fdde1cdc4ca4b 82528 java optional jetty9_9.4.50-4+deb12u3.debian.tar.xz e232502b82415d6642c3f0096ba4fad4 19236 java optional jetty9_9.4.50-4+deb12u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYTA1tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkC9wQAMITTmUlDRNdedDtJTD4BU9RZ+fQUq4aLdHK gFOXsd1bYudShHBdK1h4HDu1SE+dYGatZtntDtFAuNNMilpDtIB2I9IaAlpZi8fn v0ShB+ldErWACyKcs7LuB/Zg9jLWdyeqmaW2REkZNg7E7W7OyPvoQedZWMcUt4IT FLu7UkpsmjaTfVPGx7MQlZdh6kJUWvSd21dWZ9Gf7cvK98tj1nofN4UGnLHPi05D QBHbym6ZpFHwEi9nm+VWgIQPWDb2jEToWKtRmyLwzx5Zk5CT8fWejzuS3BhIvQf0 8Zu9FRAjjuwb0hD+C4o0tLZnyw022L/F5XzGb4fC9L1+XY0L2ckEuax6iPyovNpy I6IyUQZpy0dct16CY4f7u+SLUNyyC+FHIx9fzFq30q8u4ckueoV1BGZATGzPxnP+ 23oKBCKOBP9zq4mrUKdHiaR3UzfXDI9SCYQEQCjqcwO4sMct5MeKNWEp8HbySnKq 0mcjScy8DXQqVBo9ToT3cFjGQfSvlZMqjtoPtwwFJ2FyaIorrPAYwWmD0xW2FTG0 WON/BCXbIUd7SV5SXkhptH1n2DRdBKgBhPgb0DJczahz1pGn2SF2g+I3NyjzMsar zsTv9FXskFf/kYmAcTQF6IsJRQBa8iJqacbYVqi3lFejI29ibgJdcFIgOSezjq8b eC6TKRMR =f9hT -----END PGP SIGNATURE-----