• Accepted jetty9 9.4.57-0+deb12u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Sat Apr 5 19:10:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Wed, 2 Apr 2025 03:21:20 CEST
    Source: jetty9
    Architecture: source
    Version: 9.4.57-0+deb12u1
    Distribution: bookworm-security
    Urgency: high
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Checksums-Sha1:
    39bdaae393184f33c9ff0121cadd99e46d6487a7 2836 jetty9_9.4.57-0+deb12u1.dsc
    4ea2fe7f77fbdc49a9d39295b0943e7544b37a66 9913500 jetty9_9.4.57.orig.tar.xz
    e86b573b231e8f8c5faa85e1058361f5e609813c 30764 jetty9_9.4.57-0+deb12u1.debian.tar.xz
    9fbf251fa3f48a231de63d1a7143872b5da04af5 19348 jetty9_9.4.57-0+deb12u1_amd64.buildinfo
    Checksums-Sha256:
    475eaa8e293207c1b1a1a2df7bb535857af39ecbcc6cfa07ac435ffd3bacd8ff 2836 jetty9_9.4.57-0+deb12u1.dsc
    0b39eb1e68d54c95a199547ba3919335181d03ce4ee5ff00346d986b33d5992f 9913500 jetty9_9.4.57.orig.tar.xz
    d85346856713dda7a186d1ad8e18a09e89f7ca542199db8ea2c4aa3f18ac637e 30764 jetty9_9.4.57-0+deb12u1.debian.tar.xz
    0f64fea799bc8d76606da51954dcf99f24d111acd5b194e2e99498a9f5aadf56 19348 jetty9_9.4.57-0+deb12u1_amd64.buildinfo
    Changes:
    jetty9 (9.4.57-0+deb12u1) bookworm-security; urgency=high
    .
      * Team upload.
      * New upstream release 9.4.57.
        - Fix CVE-2024-8184:
          There exists a security vulnerability in Jetty's
          ThreadLimitHandler.getRemote() which can be exploited by unauthorized
          users to cause a remote denial-of-service (DoS) attack. By repeatedly
          sending crafted requests, attackers can trigger OutOfMemory errors and
          exhaust the server's memory.
        - Fix CVE-2024-9823:
          There exists a security vulnerability in Jetty's DosFilter which can be
          exploited by unauthorized users to cause a remote denial-of-service (DoS)
          attack on the server using DosFilter. By repeatedly sending crafted
          requests, attackers can trigger OutOfMemory errors and exhaust the
          server's memory finally.
        - CVE-2024-6762: Deprecate and warn about using PushSessionCacheFilter and
          PushCacheFilter.
    Files:
    cc69cf885756a8a4783d7511ea2dabda 2836 java optional jetty9_9.4.57-0+deb12u1.dsc
    53d9f283ec2bb7a11c16b0998f2f391e 9913500 java optional jetty9_9.4.57.orig.tar.xz
    1b359e598d79d7ee82964afbedc45804 30764 java optional jetty9_9.4.57-0+deb12u1.debian.tar.xz
    ea9eb3b35409ca08306dd9f3b1c01ca5 19348 java optional jetty9_9.4.57-0+deb12u1_amd64.buildinfo


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)