[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted jetty9 9.4.39-3+deb11u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue,  2 Aug 2022 12:04:18 CEST
Source: jetty9
Architecture: source
Version: 9.4.39-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 fcf0991cbaf0dce6c89dea761068d3488fdfafc3 2782 jetty9_9.4.39-3+deb11u1.dsc
 00c84ba82fe5d5627b7c7a64c4cef9534c62ab13 11146440 jetty9_9.4.39.orig.tar.xz
 27639c6352279dcf9181791f0541f8a6496469c1 44120 jetty9_9.4.39-3+deb11u1.debian.tar.xz
 e07953c11d781ed3669b18f0af0d2f8b8847dbc6 18014 jetty9_9.4.39-3+deb11u1_amd64.buildinfo
Checksums-Sha256:
 f2e4e59d6f0d30431a5fa19978dfba6451b231464b6bdb7e5b38f93b06089de8 2782 jetty9_9.4.39-3+deb11u1.dsc
 8f59dbfd0663b23adca26a01914fa57e7a8cad27d595af457b4dda02d9cfefb3 11146440 jetty9_9.4.39.orig.tar.xz
 055d73273a8d4e9b03354020361a6e347e3ef39d02accc044ca17ae69957dcc9 44120 jetty9_9.4.39-3+deb11u1.debian.tar.xz
 18c2492744d0d9d9bb959a5d73de7f9e50676202b505fc815dfcd65537b4672b 18014 jetty9_9.4.39-3+deb11u1_amd64.buildinfo
Changes:
 jetty9 (9.4.39-3+deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2022-2047:
     In Eclipse Jetty the parsing of the authority segment of an http scheme
     URI, the Jetty HttpURI class improperly detects an invalid input as a
     hostname. This can lead to failures in a Proxy scenario.
   * Fix CVE-2022-2048:
     In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid
     HTTP/2 request, the error handling has a bug that can wind up not properly
     cleaning up the active connections and associated resources. This can lead
     to a Denial of Service scenario where there are no enough resources left to
     process good requests.
Files:
 ff619dd334b3a046a9d7d6176d133945 2782 java optional jetty9_9.4.39-3+deb11u1.dsc
 9be2d26f25e65b8d223d3546ee848ccc 11146440 java optional jetty9_9.4.39.orig.tar.xz
 e63155b7c476f2490fbb6d834a82e572 44120 java optional jetty9_9.4.39-3+deb11u1.debian.tar.xz
 b801c3913cbddf7ec50e1b1b9592b7ab 18014 java optional jetty9_9.4.39-3+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLo9qdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkyqwP/im00a1HgwpGiK6hUbw//BTY4L+05xXOFwHg
3o+wZmSrbe+3l1WY/6/AVSBp4keU3WKjy4NNa3TXoJpOVxKw0eN57eYzy+sc7wSJ
6fdkEWk1kPwgkUK1gDn18ihjFFaJ9/DRPO1859oKaEYq+F/zL4p0LmiQR3KqUGXH
P1fJcSyRNsNkhcGaT3V03hx3cnXuUEXsVtCGBunhIZrm8WJVjC3KmW5XNA8aebNq
HTJThWpf6CUUq2VyGd/VX3gOGB+xAhmsMtu9JpLe2LlF9ycda+m2fTb+JA7eI8K9
vEhriB2mVUQo3fs+lg9JpSsoNNE/GsHCWT3Gqc8rhoB0Ox7W5hWhVajqFlGlONIU
wfooBPUuxVW8p7t1Nie1GKIYltF28/dn8L8oDDWlqTpkAf3OEBfzYvVcIr9nl1c3
GETqcjiIJBlzDX/XgcaQWE1gyXdGtU3HLrni2tp3eQOS0OO8C/qib2s3g/Aj38tR
jEjlboNVzKiJBIwHpJvMwy//XVl1rlci0L0E9i1aAjFQGPX1V+5WoLEcfmeQH1zv
x6Tm/wz8ZgU7dcWUSnKijJrLdC/T69TSfS5iQapnldMAK41P/PBs+bDBEwziBVl8
QtdZyDoi1xHz5YP1FwAZ/qAxuqtvSpC4Q5UorV9qD+WI7SU4XDsEFFSqURQHHFK1
Qrfqf5Op
=s7Iw
-----END PGP SIGNATURE-----


Reply to: