-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 1 Apr 2025 21:00:00 CEST
Source: jetty9
Architecture: source
Version: 9.4.57-0+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
d050a6f5054282e28fb715df99925707db9f42f1 2836 jetty9_9.4.57-0+deb11u1.dsc
4ea2fe7f77fbdc49a9d39295b0943e7544b37a66 9913500 jetty9_9.4.57.orig.tar.xz
52c0b7f5c14530dcbb9f20bd77ee119070f8e5bd 30764 jetty9_9.4.57-0+deb11u1.debian.tar.xz
6e71cb55995d3cb7e4541fd51442896ed275ecb0 18356 jetty9_9.4.57-0+deb11u1_amd64.buildinfo
Checksums-Sha256:
6ef2933cbe6ca40195bfd64d5d9732d1882aa79ceb3bf95705cd8942bf25f53a 2836 jetty9_9.4.57-0+deb11u1.dsc
0b39eb1e68d54c95a199547ba3919335181d03ce4ee5ff00346d986b33d5992f 9913500 jetty9_9.4.57.orig.tar.xz
224663896ca5c384669496549b24ec990358ee690810c19caebbe2d4af79e944 30764 jetty9_9.4.57-0+deb11u1.debian.tar.xz
e257fc845ebce268be9a2e876dea9afdd8a858dbc692e9d9f2cf90b851a9cf98 18356 jetty9_9.4.57-0+deb11u1_amd64.buildinfo
Changes:
jetty9 (9.4.57-0+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* New upstream release 9.4.57.
  - Fix CVE-2024-8184:
    There exists a security vulnerability in Jetty's
    ThreadLimitHandler.getRemote() which can be exploited by unauthorized
    users to cause a remote denial-of-service (DoS) attack. By repeatedly
    sending crafted requests, attackers can trigger OutOfMemory errors and
    exhaust the server's memory.
  - Fix CVE-2024-9823:
    There exists a security vulnerability in Jetty's DosFilter which can be
    exploited by unauthorized users to cause a remote denial-of-service (DoS)
    attack on the server using DosFilter. By repeatedly sending crafted
    requests, attackers can trigger OutOfMemory errors and finally exhaust
    the server's memory.
  - CVE-2024-6762: Deprecate and warn about using PushSessionCacheFilter and
    PushCacheFilter.
Files:
09096099e9cf2cb217e36f57a6683efa 2836 java optional jetty9_9.4.57-0+deb11u1.dsc
53d9f283ec2bb7a11c16b0998f2f391e 9913500 java optional jetty9_9.4.57.orig.tar.xz
dc61bf786ee08752fb7a5836d69ac8e6 30764 java optional jetty9_9.4.57-0+deb11u1.debian.tar.xz
b19f6eb39d0bc5027d63a501e2e38921 18356 java optional jetty9_9.4.57-0+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----