-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5894-1                   security@debian.org
https://www.debian.org/security/                          Markus Koschany
April 05, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : jetty9
CVE ID         : CVE-2024-6762 CVE-2024-8184 CVE-2024-9823
Debian Bug     : 1085697

Jetty 9 is a Java based web server and servlet engine. Several security
vulnerabilities have been discovered which may allow remote attackers to cause
a denial of service by repeatedly sending crafted requests which can trigger
OutofMemory errors and exhaust the server's memory.

CVE-2024-6762: In addition PushSessionCacheFilter and PushCacheFilter have been
deprecated. These classes should no longer be used in a production environment.

For the stable distribution (bookworm), these problems have been fixed in
version 9.4.57-0+deb12u1.

We recommend that you upgrade your jetty9 packages.

For the detailed security status of jetty9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jetty9

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmfwXTtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRrjw/+KDRtezBQzD2MBhWt7GzKPF27qyC+BwgSKWWzrJYTUTy0iU+Ugfd9X3Q6
6OpRa8Uigw5urITrmbH1Bgz1m3OMah3HdYAdGQVLgixAek0Da0eRxyAkFj/7D185
Y0He/8EDbdn2nWsPijjbI7kxnoccs6bWM/du7HM5XQnO2Z1TP0aLv79q7mywMyX9
55PwlfYQbG+O05B83P6fmTkfY8BjRK4cEjxGOPtbIqVyi6B6NjhtxQzzD23rK0RK
uTvbkl3y2OjddMjHcQyYxpF7+yOwt809hsiQA0gYzu716FqmtEeaM7O43rQo29Uu
nj5/vsgOA4k8N3rsmA4JgzJhetw8HJNNZAVLs/xD4q+bKaVKyxHC3m/s8ooOoebR
AOZohAhF+s4b34xSHzJtH+Ov4GqYlKlHQ0RVmvLihF6JJlQmfrUJkhNZB4RnkWXS
MFdbes3HlyzWLR2iaTSzQHCXVsXMFfl09QFoD4QIEhdB/z5lJ8NIozIdb9N69L/I
pZyeLr1AbmeoHZaJqzlwMw9tWOyQCqLlNQOuP4ngI4pD/rRE1BDGNBRj8j8rHyn8
TBDzP+Qi///3YFqfyKhAuefImIP8BOoET8p3dWTM+vKR/EZEXIiHBDjS8hqBPs9K
pW3U0R43xFVfJhbgI7B9UIyfJkoJhZIMToAGs/OMCyQkjjA1IrA=
=5uco
-----END PGP SIGNATURE-----