-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2688-1 [email protected] https://www.debian.org/lts/security/ Sylvain Beucler June 17, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : jetty9 Version : 9.2.30-0+deb9u2 CVE ID : CVE-2021-28169 Steven Seeley discovered that in jetty, a Java servlet engine and webserver, requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. An attacker may access sensitive information regarding the implementation of a web application. For Debian 9 stretch, this problem has been fixed in version 9.2.30-0+deb9u2. We recommend that you upgrade your jetty9 packages. For the detailed security status of jetty9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jetty9 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmDLmDYACgkQDTl9HeUl XjC9lxAAta8AQTlorQDU9j8PsE/ptOBypDn3sPM0iDKLOwnBGRnZkDLmSjbnq8Dd ODSXrndn/f/tFZa2lkE0yY3BjcG7NZFeij8dzHnIn7g4En9W9fxFHW5uaGR44ZHU 1rKz4hueQFRx3dZZifSMkvD2Dh+2X0oU9YYfFWZqGp53ExHdBgylBE45qmS8q66Z 2R3ATYUGvmKZeLFA3PJ+/9/e+wdq24dn4hl6OCvzpPz35Qud7MdwNgQfDT8OoiJj GOnhPc7ftQxeu9QrTAtZxAKjiD1X7CT4rBF9vjzHhP6bBnxm7BFjnIdLipP8ryj0 Xe3ZtZC9t0DhclDmj5BYRsheigB2Wfsh0LFJYr9nLKgdM+53bCvALqCReCoWPLsJ eYA0GQTpF8y4HLZ80G011tLeTPkwWY54DPXwPP9Obn9oM7SSyRXOihCOkogCoxB1 IrkM+L1W763IRGdcoBfSLGWisKExG4E9PJJTjZGLMI6RgG80ev+r9/BdEaT0a8NK 20XBmSXEG2WUr+b4cqglY//rXNpw7L0WGXkmV5y0hajnc1k0cHP6KVuBTvNrvoZX Gah++hQt0vAU+U2r3g4ayIBwe9R8Wi2mYXo9YkUu/+P9cGrBEAf4L2cpNKTLU2gB 6VMXEp3txX65zAJr666lAOaYO4UsB0ohWZC7RlEfj4EFP2OM26g= =i0es -----END PGP SIGNATURE-----
