-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 03 Jul 2018 14:31:51 +0200
Source: jetty9
Binary: libjetty9-java libjetty9-extra-java jetty9
Architecture: source
Version: 9.2.25-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
 jetty9 - Java servlet engine and webserver
 libjetty9-extra-java - Java servlet engine and webserver -- extra libraries
 libjetty9-java - Java servlet engine and webserver -- core libraries
Changes:
 jetty9 (9.2.25-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release
     - Fixes CVE-2017-7656: A remote user can submit a specially crafted
       HTTP/0.9 request containing invalid request headers to cause Jetty
       and an upstream HTTP agent (such as an origin server or another
       proxy) to interpret the boundary of the HTTP request differently.
       As a result, a malicious request may be embedded within another
       request as processed by the subsequent system. This allows a remote
       user to potentially poison the cache.
     - Fixes CVE-2017-7657: A remote user can submit a specially crafted
       HTTP request containing invalid Chunked Transfer-Encoding headers to
       cause Jetty and an upstream HTTP agent (such as an origin server or
       another proxy) to interpret the boundary of the HTTP request
       differently. As a result, a malicious request may be embedded within
       another request as processed by the subsequent system. This allows a
       remote user to potentially poison the cache.
     - Fixes CVE-2017-7658: A remote user can submit a specially crafted
       HTTP request containing more than one Content-Length header to cause
       Jetty and an upstream HTTP agent (such as an origin server or another
       proxy) to interpret the boundary of the HTTP request differently.
       As a result, a malicious request may be embedded within another
       request as processed by the subsequent system. This allows a remote
       user to potentially poison the cache.
   * Compile with the --release parameter to preserve the compatibility
     with older JREs