-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4949-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 04, 2021 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : jetty9 CVE ID : CVE-2019-10241 CVE-2019-10247 CVE-2020-27216 CVE-2020-27223 CVE-2020-28165 CVE-2020-28169 CVE-2021-34428 Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in cross-site scripting, information disclosure, privilege escalation or denial of service. For the stable distribution (buster), these problems have been fixed in version 9.4.16-0+deb10u1. We recommend that you upgrade your jetty9 packages. For the detailed security status of jetty9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jetty9 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmELC8oACgkQEMKTtsN8 TjZxsg/+L9a9Soj91or7HujO/ZN3METABLUThcEXs5Pkjv7A7SIKaxPLQs4Y/ltJ C9bDixpE7zSxM5RYmrEoRVH/FTbvrwE4VmIC2KuMRaS450hROMZ2zCLTo0BgFrDS Mjp/Fgk3h1o0JpEhk2wo/BFDoHgusXGYqcx/m6Q4khdctl7qP5PPPRfqn22Ewmd8 M6Uon1icIr9QFoAXDaaJpyK4Q9YsdouinnkmvYjUp4eTv9YbanqyRvI5tA/1anaf t4Rs9w3z26kGteTLa/eOhlrP+zvUi3ws27HbV66suTfJ0e3UY01jHVE7jpsVlLSB za/WifUlKzvKDepg0Ci1oig3wF19oK+G9meqEWx2MOjuMKKY8Wt+nvic8YDGVn6G 6oCVjuscxITCWzhE9XVpvEWhLDxDdwk2vCRn8fe/h+CumSFmhVpwaeGX3OD4rj+P f/0FcVQyf+M03gRMLEHKWFt7l5BMhyh24CRV+0NMfvBq817OZxJtquIUWT2UbhJS E4f6VL2sqTIEDlGfDyUk9Zpp41ce7RR+zpKk2N+apILBTkbCuGJjPqcgIsTZt00l 5S4eGUqB9mwzJg1XPKTiADjx0vD0Gb+ZMg9Tukjd3TJc7b6Pa3vpkW68+aRFNtgI iUl/rp8i65sGVjxyHMHF6uxl5LTNd+30C4fkDekCPoY28oUWsxA= =kkuT -----END PGP SIGNATURE-----