[SECURITY] [DSA 6005-1] jetty9 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6005-1] jetty9 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 19 Sep 2025 18:34:00 +0000
Message-id: <[🔎] aM2iGLmjDK_8td5U@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6005-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
September 19, 2025                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jetty9
CVE ID         : CVE-2025-5115

This update for Jetty, a Java servlet engine and web server, addresses a
protocol-level vulnerability in HTTP/2 support also referred to as
"MadeYouReset".

For the oldstable distribution (bookworm), this problem has been fixed
in version 9.4.57-1.1~deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 9.4.57-1.1~deb13u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjNoSQACgkQEMKTtsN8
TjaidQ//ZJ/M3/JQ5/Pj4jN1bF+JnX1DKY/t44ywP5cmaSMBU1nqnYmtIJXmnuq5
qRoPGb4Ado/8K7QLG1K24U2DRLm8andVeHEyS7xb4Ep4GMeYLCOwOAmf04T9gyvK
iUv/41DfS8blVSO4k42cilg4itNnJuY9ROdGL8xyKIIts2Es7hKa5IyAtASCNfoL
A93l1fh+7llP2lLRPiRTGf9JdsHDSeLnjwvtDWh9t01N6Xcsdf/EdXPy9ePQspue
Hi57B/i79JyOwJdzVOZIu566xtZddpHfpzKcSX8v1O+zNqulGu7b8FFiqTGLS3ke
reAk0dLZ2k5EQv/82D8U0ejcUrQJcUMqIGN6ln1tZmwkbQUeS/wZuBrA+kHttu2x
sn70s+sjO5iZePp3gjryNuskkktGT3nxBik3I1K0x60tsxAIoFwuYyzEpAdvOS50
+7Wwxx4dDB6ESYOi1M1NojYpSqt9xJl0pMe7cBGJwBYJzk+QG01fUZHmKyTX5rK/
WQjkOFfOCGMqywS7DL2zLgr1M8khzt3lbvKQP/X3+MBVkIwX4Pxbj0SV1oW0y++4
jYNfkJK2XB/0UpPMeK7EaEhMADy+yHMHiXYamLkKFigZsN5LHtzyIQyUxjOekeex
CSyf8gI0lk1XSYmw4RGB1jXQnwqhw5FwpzUi3DkmTRB1T+p6718=
=0Fal
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6004-1] chromium security update
Next by Date: [SECURITY] [DSA 6006-1] jetty12 security update
Previous by thread: [SECURITY] [DSA 6004-1] chromium security update
Next by thread: [SECURITY] [DSA 6006-1] jetty12 security update
Index(es):
- Date
- Thread