[SECURITY] [DLA 4299-1] jetty9 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4299-1] jetty9 security update
From: Adrian Bunk <bunk@debian.org>
Date: Sun, 14 Sep 2025 22:06:54 +0300
Message-id: <[🔎] aMcSTtD4cOKIvJKA@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4299-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 14, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : jetty9
Version        : 9.4.57-0+deb11u3
CVE ID         : CVE-2025-5115
Debian Bug     : 1111766

The MadeYouReset HTTP/2 vulnerability has been fixet in the Jetty
web server and servlet container.

For Debian 11 bullseye, this problem has been fixed in version
9.4.57-0+deb11u3.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmjHEkoACgkQiNJCh6LY
mLFapRAAur4Sd91P4XD2r/pfMRq9al2M/NdtNR2Z4nXij8LywccVopHZ20beJbNi
+zWyLg/3cf03PkRHVIZv3mE6znJg04Q7WJw352B4eQWTbgI21i45m1yVoS6E4c/w
gSbDF5U5kylMptqMS2tvM89/8lE8bZ0qh82f1YYrKJ2gsH2XqQ8LiVB0Pypp5601
JNxYNZe13YIrMJuBLC6B0blQ07M5fbZd0uoAVejGM8d+5uxtcfwbuknMLWbqCPGp
b+UymAnRaHYShAYlcQRkN/aBxb6jtWzUPzNeri9OyQnJEif4cV2e6IQhlWkn/IMf
+EJfea8p1DeIbTx8yA3H24kjUL/wDBVQWKGwgFsQDM+oA3ildFJPcHmNa2fd7f5v
MIIuJQBkLFllEI6jh7D2NO1g2QngWwMsYVuGVs977N2Z+c5EN9cxf9jrayEW1tTO
dV80RqmZXCNKagSCiZ2lisFrBlTo/FvDoI/IW/5AhJ1IvsNg3eHqTRL9ttF+l05a
qR9hP04VZka9YoC47RhP4p9G5rQ7sLVNKOkPMy6W8kYgOCTTMBObl9YsXh+XwQs8
VIKzCg2L2DCED+2+FPwlqx7+QlQ0sC6b/oxHYoe/mkOs52G4Bi/oTx4MqF/zP+Qa
RzyrHUotvCEpwf6OzomMK45pPA+OB+qtYPJ5VwKWhVSUkR+bONY=
=F+G7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4298-1] cups security update
Next by Date: [SECURITY] [DLA 4300-1] shibboleth-sp security update
Previous by thread: [SECURITY] [DLA 4298-1] cups security update
Next by thread: [SECURITY] [DLA 4300-1] shibboleth-sp security update
Index(es):
- Date
- Thread