Source: jetty9
X-Debbugs-CC: t...@security.debian.org
Severity: normal
Tags: security

Hi,

The following vulnerability was published for jetty9.

CVE-2024-6762[0]:
| Jetty PushSessionCacheFilter can be exploited by unauthenticated
| users to launch remote DoS attacks by exhausting the server’s
| memory.

https://github.com/jetty/jetty.project/security/advisories/GHSA-r7m4-f9h5-gr79

The advisory mentions only 10.x and later to be affected, but PushSessionCacheFilter seems also present in our jetty9 package.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6762
    https://www.cve.org/CVERecord?id=CVE-2024-6762

Please adjust the affected versions in the BTS as needed.