-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 01 Apr 2025 19:22:08 +0200 Source: jetty9 Binary: jetty9 libjetty9-extra-java libjetty9-java Architecture: all Version: 9.4.57-0+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Markus Koschany Description: jetty9 - Java servlet engine and webserver libjetty9-extra-java - Java servlet engine and webserver -- extra libraries libjetty9-java - Java servlet engine and webserver -- core libraries Changes: jetty9 (9.4.57-0+deb12u1) bookworm-security; urgency=high . * Team upload. * New upstream release 9.4.57. - Fix CVE-2024-8184: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote() which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory. - Fix CVE-2024-9823: There exists a security vulnerability in Jetty's DosFilter which can be exploited by unauthorized users to cause remote denial-of-service (DoS) attack on the server using DosFilter. By repeatedly sending crafted requests, attackers can trigger OutofMemory errors and exhaust the server's memory finally. - CVE-2024-6762: Deprecate and warn about using PushSessionCacheFilter and PushCacheFilter. Checksums-Sha1: b6168260e7cf5410363207136b48009fef58ecde 18804 jetty9_9.4.57-0+deb12u1_all-buildd.buildinfo 86de449e11874132218022b2b043e1b165e986f5 272960 jetty9_9.4.57-0+deb12u1_all.deb 83b0ee112aeed3661409815e3b4125d5aeae9092 1373852 libjetty9-extra-java_9.4.57-0+deb12u1_all.deb 0977391483b9abb9ee42ed1cdcd610fd94b69142 2984384 libjetty9-java_9.4.57-0+deb12u1_all.deb Checksums-Sha256: 248cc71dbf76b91072335b698661b33ee93751bb98f2e6c59212f459ef346e9b 18804 jetty9_9.4.57-0+deb12u1_all-buildd.buildinfo ed495a6873a036dfaf1bd87a5b39aefcdcf57200d1328a096482c341554df2ee 272960 jetty9_9.4.57-0+deb12u1_all.deb c8932ff9c0a9b400eb7cd10175f9e35c148bc3d3c570803b5a8d4ee8c8d63745 1373852 libjetty9-extra-java_9.4.57-0+deb12u1_all.deb e653be38e98a46be21febc0f8e2d2728da8462fef3f3bcaff44c35668eb2dbb1 2984384 libjetty9-java_9.4.57-0+deb12u1_all.deb Files: ee790972b9589e0db81818958829604a 18804 java optional jetty9_9.4.57-0+deb12u1_all-buildd.buildinfo 48b94baca1180376eaa5f5583c246a50 272960 java optional jetty9_9.4.57-0+deb12u1_all.deb e056229b38031ce1a97fedf7eec019e9 1373852 java optional libjetty9-extra-java_9.4.57-0+deb12u1_all.deb 018c8690b2461153dcc355251ae3998f 2984384 java optional libjetty9-java_9.4.57-0+deb12u1_all.deb -----BEGIN PGP SIGNATURE----- iQIyBAEBCgAdFiEEHqtYLkdKRyCY94K8fUw6/tXbAmMFAmfsmFkACgkQfUw6/tXb AmMZcw/4pOKF14ENKQZGdbMuxsvqBh1+K4bfjCp51mlEd8cp9WpK80urUG0egB42 rajiASXk6Vwd/gT0raBfxo51perxRO56/h1pXzVq8uxLjhOJIRe3C8Ua9WiH4oZX 1oOM5k/iS3k4bwEFH2Y8vGxSQzc2JSWRTjgOK38YMJPWuKVcSfz0U91Q85s7R9lV AUhI5zz9FVqyXKa5TOfnBrtVCjw6jThuI/cspN2vGrLFy9uiwTrEDt0JXdHfd8pw TSmDhTdTi7UVQm9yKbh2z3Txh4QhJaAh1CtRveilR7qEhwkCntAPWjEM24fN7Z0N mvAIV0xYZWPgxKFXvKNE5xCq7j/SUd3/KoUAzHI0Uqdpf+noQCeQvPTy8VeUa5Ra 6fhU0H86PcEtuP5eW6b+yORQ1PQuAe6+COkEkKUjJI7aI8Z8ztLoBkiSURPHd6RD hKs/QjaEdEzIH6NidCtfJht52WxYcVCQ2+wqf6c62GXxi26CyW0drb9UwYKl8EJJ LwOoisjDOWt36LX9+TVtfYD3HnbPR47rUDH42nMBhe7SyWvVshbEG4FqSWLdtbUV M4IT63DBDR9D/S0FC4YRGpUUstfHm1OxSVWeLsR0Y8J0ujzUJ6V+s6DU/9sZb4u2 v0DPbWCV2ExYQLK4W02FKbL6cU4xKb2FeGol7PpdgZUZxVC9bw== =GfgE -----END PGP SIGNATURE-----