Thank you for your contribution to Debian.
Mapping oldstable-security to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Oct 2023 16:10:27 CET
Source: jetty9
Architecture: source
Version: 9.4.50-4+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Checksums-Sha1:
24b2735b16572005b44a8fb776ba2dfaa94aff01 2836 jetty9_9.4.50-4+deb11u1.dsc
07878463bce25adeade6989ca81ecd90d687cdfa 81368
jetty9_9.4.50-4+deb11u1.debian.tar.xz
d00661679e93092c113c95c63738f50cdfa524da 18271
jetty9_9.4.50-4+deb11u1_amd64.buildinfo
Checksums-Sha256:
894175c2fcef55b984adbfa024950ecdbf15b19d436df646d76a4e76b459e171 2836
jetty9_9.4.50-4+deb11u1.dsc
4c76673802a752af1f7a23610006ea11171de20588e68e865f51da744b7ffd37 81368
jetty9_9.4.50-4+deb11u1.debian.tar.xz
0bac2102cdebf062c3d575aa5af7af5dc9702cb4a8286bfdeb40eb8a9cee1ca7 18271
jetty9_9.4.50-4+deb11u1_amd64.buildinfo
Changes:
jetty9 (9.4.50-4+deb11u1) bullseye-security; urgency=high
.
* Team upload.
* Backport Jetty 9 version from Bookworm.
* Fix CVE-2023-36478 and CVE-2023-44487:
Two remotely exploitable security vulnerabilities were discovered in Jetty
9, a Java based web server and servlet engine. The HTTP/2 protocol
implementation did not sufficiently verify if HPACK header values exceed
their size limit. Furthermore the HTTP/2 protocol allowed a denial of
service (server resource consumption) because request cancellation can
reset many streams quickly. This problem is also known as Rapid Reset
Attack.
Files:
feb19c9542e4eceffbf461bac0a8178b 2836 java optional jetty9_9.4.50-4+deb11u1.dsc
ba6c4b895d9e0d3442353390d99c11ef 81368 java optional
jetty9_9.4.50-4+deb11u1.debian.tar.xz
6e62c739bc42ba52b6b31741974f8916 18271 java optional
jetty9_9.4.50-4+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmU/ygJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkfeUQALmCAKJPFsvsuEXsWgeOY+SCWdg7xAFpkS4t
5H6W/SSlVTFgvIPE31iAU3yCs1RHwlgA0j5WE+Uwr49woAgfxnciL+qj/4iY32Qo
e8wqKr8zZAMwG1gbKQH1sTxwuwyM+FZnZamqsbzZWy2AZNC3XRBxraT9SbrZcEvy
x934k0bK50tv0lJ7Yhh90fco08YnIqWccC0T4jreIyK0Oxp0YzAYlpZp8TEdIwbq
ryokAPZYqTrz2RzkLjJSEaWc642fhANyxOjPztYB9q0lB7bpNGBHBsMrrI8c35D2
kXqzm7WJAWXHs+ZRz1FqMZhnWA2tnptMqLNuWKhcP6AXcn3rWTmaMKir+moJPA84
TAdruVssZiMAU2dv0To0Twq01Myh+SeonI/lV3DhG+s9vQ7cZI79y+T9iMxWCHy2
2TxvD2OCho5S9bALMg/HEaPKuWq+V0ZzzBzJU77aQHji9XtkadkdOkhHJMw3UEMR
THwzbsdPUjICEWiufZOPHi1F/obzzXVBWCEPWs9X9slnWaHLiGQFoRGJfu1dOC+U
093XIv3U+lTO/052C1xyvHFV4NvGD2iY6poUekSB3qD2SSeNBdq6Fb6h7Pn8o/4z
sagqKUnM+MJ53qWZfHOg2tM5ltQ9VKVnJPJqMI/GELy5ZenhMO5LtMQxkIwYVOgI
rYgavj9f
=+e8r
-----END PGP SIGNATURE-----
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
