-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 1 Apr 2025 21:00:00 CEST
Source: jetty9
Architecture: source
Version: 9.4.57-0+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
d050a6f5054282e28fb715df99925707db9f42f1 2836 jetty9_9.4.57-0+deb11u1.dsc
4ea2fe7f77fbdc49a9d39295b0943e7544b37a66 9913500 jetty9_9.4.57.orig.tar.xz
52c0b7f5c14530dcbb9f20bd77ee119070f8e5bd 30764 jetty9_9.4.57-0+deb11u1.debian.tar.xz
6e71cb55995d3cb7e4541fd51442896ed275ecb0 18356 jetty9_9.4.57-0+deb11u1_amd64.buildinfo
Checksums-Sha256:
6ef2933cbe6ca40195bfd64d5d9732d1882aa79ceb3bf95705cd8942bf25f53a 2836 jetty9_9.4.57-0+deb11u1.dsc
0b39eb1e68d54c95a199547ba3919335181d03ce4ee5ff00346d986b33d5992f 9913500 jetty9_9.4.57.orig.tar.xz
224663896ca5c384669496549b24ec990358ee690810c19caebbe2d4af79e944 30764 jetty9_9.4.57-0+deb11u1.debian.tar.xz
e257fc845ebce268be9a2e876dea9afdd8a858dbc692e9d9f2cf90b851a9cf98 18356 jetty9_9.4.57-0+deb11u1_amd64.buildinfo
Changes:
jetty9 (9.4.57-0+deb11u1) bullseye-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* New upstream release 9.4.57.
- Fix CVE-2024-8184:
There exists a security vulnerability in Jetty's
ThreadLimitHandler.getRemote() which can be exploited by unauthorized
users to cause remote denial-of-service (DoS) attack. By repeatedly
sending crafted requests, attackers can trigger OutofMemory errors and
exhaust the server's memory.
- Fix CVE-2024-9823:
There exists a security vulnerability in Jetty's DosFilter which can be
exploited by unauthorized users to cause remote denial-of-service (DoS)
attack on the server using DosFilter. By repeatedly sending crafted
requests, attackers can trigger OutofMemory errors and exhaust the
server's memory finally.
- CVE-2024-6762: Deprecate and warn about using PushSessionCacheFilter and
PushCacheFilter.
Files:
09096099e9cf2cb217e36f57a6683efa 2836 java optional jetty9_9.4.57-0+deb11u1.dsc
53d9f283ec2bb7a11c16b0998f2f391e 9913500 java optional jetty9_9.4.57.orig.tar.xz
dc61bf786ee08752fb7a5836d69ac8e6 30764 java optional jetty9_9.4.57-0+deb11u1.debian.tar.xz
b19f6eb39d0bc5027d63a501e2e38921 18356 java optional jetty9_9.4.57-0+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmfsTD5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkb2MQAM3jrzbxkgHEs+QGnrzdsydOzDU5Tp0OYx7s
L2ASmlAT/nVdyKneA6BJoE8lDDgsfRy39p8LYvKZSB5aJxK54YGrfwqo25rd2grx
FSQ9aU5kCmyRurIrvAejKTa901yWxxsPnYobXfCfXYlY/58S1ZozdqERjV/8cIVf
uPiwXmJDQEfC8j+DZyDioXuA0TuGgtMfk26G0C2RGdnpkgLiTlt+CgU64PuzIPoA
Nqv/9h/UYZ4MTdne2n5aogy3g7QhM7XP+/wHaCA1mezvmC5VG3L9rA9C7g8WQJ7O
ayXGVXgHZ9OMuFRGAdu6Plc+zIs3XDWFa/qA8kI/oYbfrOky2b+rC5+nbmCGt+9U
ZwmZPlr8m/zOs46cBzlQKjB33BfVza0iczcoSLtMxI0/s2g/9mT6lWElnE3TCm7W
HglFEVHGOPCZ81XrDlThlWKPTS96X8oHphdxQhWRqqV+ERXoeyg8AT71whWs5s9q
Q9WGUfrxx1JtP/hQ0+CUE/xEHf2/T4Cp2qzskwEU8EfdAtfSVFf9gOioXNW9pHof
jMLfkC3BjJLIhPqSv59M0l/wzehH3gjux4NXdywjAfs1uGWQY3KQ+UWqeGO9W4L0
5l/Y45qQqmWu3lXLzNaG02UvE/jVeF4KTV4b10bCLxgTbXq5pUZZ4WPaguWDqZmv
K4nLQj9L
=EaBj
-----END PGP SIGNATURE-----
Attachment:
pgp3QDD5ZP2Lt.pgp
Description: PGP signature