-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed,  2 Apr 2025 03:21:20 CEST
Source: jetty9
Architecture: source
Version: 9.4.57-0+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 39bdaae393184f33c9ff0121cadd99e46d6487a7 2836 jetty9_9.4.57-0+deb12u1.dsc
 4ea2fe7f77fbdc49a9d39295b0943e7544b37a66 9913500 jetty9_9.4.57.orig.tar.xz
 e86b573b231e8f8c5faa85e1058361f5e609813c 30764 jetty9_9.4.57-0+deb12u1.debian.tar.xz
 9fbf251fa3f48a231de63d1a7143872b5da04af5 19348 jetty9_9.4.57-0+deb12u1_amd64.buildinfo
Checksums-Sha256:
 475eaa8e293207c1b1a1a2df7bb535857af39ecbcc6cfa07ac435ffd3bacd8ff 2836 jetty9_9.4.57-0+deb12u1.dsc
 0b39eb1e68d54c95a199547ba3919335181d03ce4ee5ff00346d986b33d5992f 9913500 jetty9_9.4.57.orig.tar.xz
 d85346856713dda7a186d1ad8e18a09e89f7ca542199db8ea2c4aa3f18ac637e 30764 jetty9_9.4.57-0+deb12u1.debian.tar.xz
 0f64fea799bc8d76606da51954dcf99f24d111acd5b194e2e99498a9f5aadf56 19348 jetty9_9.4.57-0+deb12u1_amd64.buildinfo
Changes:
 jetty9 (9.4.57-0+deb12u1) bookworm-security; urgency=high
 .
   * Team upload.
   * New upstream release 9.4.57.
     - Fix CVE-2024-8184:
       There exists a security vulnerability in Jetty's
       ThreadLimitHandler.getRemote() which can be exploited by unauthorized
       users to cause remote denial-of-service (DoS) attack. By repeatedly
       sending crafted requests, attackers can trigger OutofMemory errors and
       exhaust the server's memory.
     - Fix CVE-2024-9823:
       There exists a security vulnerability in Jetty's DosFilter which can be
       exploited by unauthorized users to cause remote denial-of-service (DoS)
       attack on the server using DosFilter. By repeatedly sending crafted
       requests, attackers can trigger OutofMemory errors and exhaust the
       server's memory finally.
     - CVE-2024-6762: Deprecate and warn about using PushSessionCacheFilter and
       PushCacheFilter.
Files:
 cc69cf885756a8a4783d7511ea2dabda 2836 java optional jetty9_9.4.57-0+deb12u1.dsc
 53d9f283ec2bb7a11c16b0998f2f391e 9913500 java optional jetty9_9.4.57.orig.tar.xz
 1b359e598d79d7ee82964afbedc45804 30764 java optional jetty9_9.4.57-0+deb12u1.debian.tar.xz
 ea9eb3b35409ca08306dd9f3b1c01ca5 19348 java optional jetty9_9.4.57-0+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmfskTxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkRz8P/R3nEr9eUV/dywV0RSdmYTnQhTm+lPy3MOXT
lYrSgfxkZLhvVitQTeTAr5yF9aqabxWOwzeVwCRXxBrP5rO1yvPeWvXO+UAQwace
BKxgXiyMEmx/t6Lp+BN2tWBd2h6d4KJuMBnpzc8h8pkMm0lDV7QMUhiDJy+hHGFk
CMAf06U9o09cRRkbYZcyoTymQKBncIDn0hBPJzK7WXthAfCrzPxJ6m7KwMWjcEBc
GD3RMXChNbSDyFa7YHJzk7IpZfE1SK/4t5nQuke+6VVNX+1ZK1DgTxSA5Ro7rVQ2
4iW3cc81AzRyc/uaiuLyBPNyEeYy613a9BKRl5fP+6bngZtb5H3/2aPuAlI2q2Oe
vnFL9+ugvp5CzZ5sTaKOnyplMtuAY/CVf/sOOwMeh/cDxaVTstLMskZ/VqDh1LQ1
75WuaE/JO4pZdS4jDkC7SF+dKjQzzlzn1rPJiiQCJwU67TR5Ip092vCT2lSbur6t
sc/vudISM0tanb+Bm2eFfCK6xgYT3zSX2sxj2kZDRCeyH9SdVFDR/+0X6tooyZf8
+W1oeHeCckD3QBmlOQ6JGBOnYmIQjUk23gHP0vMCM3SEdgBiaSTs05hFW9JWydIE
IhMzq8x7AUdTfncZt8Z5I7J2hQYQoSJkYwav4lAA4WZj0o12Lqfa7KMRMs+TDoP7
dEO3cUr3
=nxGU
-----END PGP SIGNATURE-----