-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Apr 2025 19:22:08 +0200
Source: jetty9
Binary: jetty9 libjetty9-extra-java libjetty9-java
Architecture: all
Version: 9.4.57-0+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 jetty9     - Java servlet engine and webserver
 libjetty9-extra-java - Java servlet engine and webserver -- extra libraries
 libjetty9-java - Java servlet engine and webserver -- core libraries
Changes:
 jetty9 (9.4.57-0+deb12u1) bookworm-security; urgency=high
 .
   * Team upload.
   * New upstream release 9.4.57.
     - Fix CVE-2024-8184:
       There exists a security vulnerability in Jetty's
       ThreadLimitHandler.getRemote() which can be exploited by unauthorized
       users to cause remote denial-of-service (DoS) attack. By repeatedly
       sending crafted requests, attackers can trigger OutofMemory errors and
       exhaust the server's memory.
     - Fix CVE-2024-9823:
       There exists a security vulnerability in Jetty's DosFilter which can be
       exploited by unauthorized users to cause remote denial-of-service (DoS)
       attack on the server using DosFilter. By repeatedly sending crafted
       requests, attackers can trigger OutofMemory errors and exhaust the
       server's memory finally.
     - CVE-2024-6762: Deprecate and warn about using PushSessionCacheFilter and
       PushCacheFilter.
Checksums-Sha1:
 b6168260e7cf5410363207136b48009fef58ecde 18804 jetty9_9.4.57-0+deb12u1_all-buildd.buildinfo
 86de449e11874132218022b2b043e1b165e986f5 272960 jetty9_9.4.57-0+deb12u1_all.deb
 83b0ee112aeed3661409815e3b4125d5aeae9092 1373852 libjetty9-extra-java_9.4.57-0+deb12u1_all.deb
 0977391483b9abb9ee42ed1cdcd610fd94b69142 2984384 libjetty9-java_9.4.57-0+deb12u1_all.deb
Checksums-Sha256:
 248cc71dbf76b91072335b698661b33ee93751bb98f2e6c59212f459ef346e9b 18804 jetty9_9.4.57-0+deb12u1_all-buildd.buildinfo
 ed495a6873a036dfaf1bd87a5b39aefcdcf57200d1328a096482c341554df2ee 272960 jetty9_9.4.57-0+deb12u1_all.deb
 c8932ff9c0a9b400eb7cd10175f9e35c148bc3d3c570803b5a8d4ee8c8d63745 1373852 libjetty9-extra-java_9.4.57-0+deb12u1_all.deb
 e653be38e98a46be21febc0f8e2d2728da8462fef3f3bcaff44c35668eb2dbb1 2984384 libjetty9-java_9.4.57-0+deb12u1_all.deb
Files:
 ee790972b9589e0db81818958829604a 18804 java optional jetty9_9.4.57-0+deb12u1_all-buildd.buildinfo
 48b94baca1180376eaa5f5583c246a50 272960 java optional jetty9_9.4.57-0+deb12u1_all.deb
 e056229b38031ce1a97fedf7eec019e9 1373852 java optional libjetty9-extra-java_9.4.57-0+deb12u1_all.deb
 018c8690b2461153dcc355251ae3998f 2984384 java optional libjetty9-java_9.4.57-0+deb12u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIyBAEBCgAdFiEEHqtYLkdKRyCY94K8fUw6/tXbAmMFAmfsmFkACgkQfUw6/tXb
AmMZcw/4pOKF14ENKQZGdbMuxsvqBh1+K4bfjCp51mlEd8cp9WpK80urUG0egB42
rajiASXk6Vwd/gT0raBfxo51perxRO56/h1pXzVq8uxLjhOJIRe3C8Ua9WiH4oZX
1oOM5k/iS3k4bwEFH2Y8vGxSQzc2JSWRTjgOK38YMJPWuKVcSfz0U91Q85s7R9lV
AUhI5zz9FVqyXKa5TOfnBrtVCjw6jThuI/cspN2vGrLFy9uiwTrEDt0JXdHfd8pw
TSmDhTdTi7UVQm9yKbh2z3Txh4QhJaAh1CtRveilR7qEhwkCntAPWjEM24fN7Z0N
mvAIV0xYZWPgxKFXvKNE5xCq7j/SUd3/KoUAzHI0Uqdpf+noQCeQvPTy8VeUa5Ra
6fhU0H86PcEtuP5eW6b+yORQ1PQuAe6+COkEkKUjJI7aI8Z8ztLoBkiSURPHd6RD
hKs/QjaEdEzIH6NidCtfJht52WxYcVCQ2+wqf6c62GXxi26CyW0drb9UwYKl8EJJ
LwOoisjDOWt36LX9+TVtfYD3HnbPR47rUDH42nMBhe7SyWvVshbEG4FqSWLdtbUV
M4IT63DBDR9D/S0FC4YRGpUUstfHm1OxSVWeLsR0Y8J0ujzUJ6V+s6DU/9sZb4u2
v0DPbWCV2ExYQLK4W02FKbL6cU4xKb2FeGol7PpdgZUZxVC9bw==
=GfgE
-----END PGP SIGNATURE-----