[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted jetty9 9.4.16-0+deb10u2 (source) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 21 Aug 2022 23:51:58 CEST
Source: jetty9
Architecture: source
Version: 9.4.16-0+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 af26bd5c47d45a8c48e2974328a8762bd4ca7974 2776 jetty9_9.4.16-0+deb10u2.dsc
 8d01acf7203cb7ca42cc08c81aaaf5b886e1a993 50180 jetty9_9.4.16-0+deb10u2.debian.tar.xz
 66a8948ad0e2a4724edd34462ad5f35c72df1057 17787 jetty9_9.4.16-0+deb10u2_amd64.buildinfo
Checksums-Sha256:
 67d80c7b9cd80c30dc76b226073c05cffd8470ad68bd773fe3c04ab0446476af 2776 jetty9_9.4.16-0+deb10u2.dsc
 bc47cecf0b9ffc412fe8980816bb9bf99282a253a1b58dd21dd8ab61a8cd16f1 50180 jetty9_9.4.16-0+deb10u2.debian.tar.xz
 221a96e4f477cee0cb4ba357e4478d334b13cd68ff2be9b61d84d1375aa286ac 17787 jetty9_9.4.16-0+deb10u2_amd64.buildinfo
Changes:
 jetty9 (9.4.16-0+deb10u2) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2022-2047:
     In Eclipse Jetty the parsing of the authority segment of an http scheme
     URI, the Jetty HttpURI class improperly detects an invalid input as a
     hostname. This can lead to failures in a Proxy scenario.
   * Fix CVE-2022-2048:
     In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid
     HTTP/2 request, the error handling has a bug that can wind up not properly
     cleaning up the active connections and associated resources. This can lead
     to a Denial of Service scenario where there are no enough resources left to
     process good requests.
Files:
 2cdad2035bb316328385e07abca82aea 2776 java optional jetty9_9.4.16-0+deb10u2.dsc
 e6598f14fc090e7e96feda26724ef6fa 50180 java optional jetty9_9.4.16-0+deb10u2.debian.tar.xz
 8fcde6775b1c1535058a3bb4b00251de 17787 java optional jetty9_9.4.16-0+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmMCqVhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk/BgQALRjNqLcXYWzJnDGWGbeJYPSj8Eb/J7CuhNk
6NjIq5mSn0N2xnc+SZDLlOWSDNysj+4zE52Rkss+vybYi2bjzfz8TsR2qLAZ5PQY
83EVR0yY74e4r+Beilkl5fG07SHFRm5+xcP7CwSofx6YLoK5FfrEqZipCosFQlse
I/kpSR+t4ijGE+mpgqVns5yZqIEXzl9iMK4lVTKx1+Z9Jxk8sT+0ZPvu+B68mgX+
ynfC+StebWX1QmddX/8dJWHpNvEXjKAC+eKhegJcM95tdo4yHljgInPeIlxj+a6o
ZRmOAP2s4CVHUIhw4bISWr0symie+7omY5hZdnjHKY/4aFfXHN1y6V9A9iZ6kMgn
dsLhnDXKqSQydC9aNLi+ghnZjbK+m69s5JmdsY+hN066bx4pOrsl5bMcrVOE8TyJ
pS2voXEMEmYTc7ZIBIjAcBkJoxAM+2Hn6M6NKJZjh1rGZBBeSkjwzo5IH74nq7he
GGHWL93tyVOKwZdhtQgaKXRj7DaJFrRJTKwaS5PyDWPD7Lg7GDraFxzCCBSnk9pR
Kvc9STD4sULRM+JiiCsB/HRV7XQxDObRAd8QHGkuBzsUKXJ1740Y/vuhBV5sVa4V
YUK7hmDng8TNhuLvVm05a4M3uNV98Nw8VTs3PgxCYWA/vxwtE18KNWkQtGKxyKS0
omVuo92e
=rpPX
-----END PGP SIGNATURE-----


Reply to: