# jetty-annotations-9.4.57-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15160-1
Rating: moderate

Cross-References:

  * CVE-2024-13009
  * CVE-2024-6763

CVSS scores:

  * CVE-2024-13009 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
  * CVE-2024-6763 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
  * CVE-2024-6763 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

  * openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the jetty-annotations-9.4.57-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

  * openSUSE Tumbleweed:
    * jetty-annotations 9.4.57-1.1
    * jetty-ant 9.4.57-1.1
    * jetty-cdi 9.4.57-1.1
    * jetty-client 9.4.57-1.1
    * jetty-continuation 9.4.57-1.1
    * jetty-deploy 9.4.57-1.1
    * jetty-fcgi 9.4.57-1.1
    * jetty-http 9.4.57-1.1
    * jetty-http-spi 9.4.57-1.1
    * jetty-io 9.4.57-1.1
    * jetty-jaas 9.4.57-1.1
    * jetty-jmx 9.4.57-1.1
    * jetty-jndi 9.4.57-1.1
    * jetty-jsp 9.4.57-1.1
    * jetty-minimal-javadoc 9.4.57-1.1
    * jetty-openid 9.4.57-1.1
    * jetty-plus 9.4.57-1.1
    * jetty-project 9.4.57-1.1
    * jetty-proxy 9.4.57-1.1
    * jetty-quickstart 9.4.57-1.1
    * jetty-rewrite 9.4.57-1.1
    * jetty-security 9.4.57-1.1
    * jetty-server 9.4.57-1.1
    * jetty-servlet 9.4.57-1.1
    * jetty-servlets 9.4.57-1.1
    * jetty-start 9.4.57-1.1
    * jetty-util 9.4.57-1.1
    * jetty-util-ajax 9.4.57-1.1
    * jetty-webapp 9.4.57-1.1
    * jetty-xml 9.4.57-1.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-13009.html
  * https://www.suse.com/security/cve/CVE-2024-6763.html