jetty9 9.2.25-1 source package in Ubuntu

Changelog

jetty9 (9.2.25-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Fixes CVE-2017-7656: A remote user can submit a specially crafted HTTP/0.9
      request containing invalid request headers to cause Jetty and an upstream
      HTTP agent (such as an origin server or another proxy) to interpret the
      boundary of the HTTP request differently. As a result, a malicious request
      may be embedded within another request as processed by the subsequent
      system. This allows a remote user to potentially poison the cache.
    - Fixes CVE-2017-7657: A remote user can submit a specially crafted HTTP
      request containing invalid Chunked Transfer-Encoding headers to cause
      Jetty and an upstream HTTP agent (such as an origin server or another
      proxy) to interpret the boundary of the HTTP request differently.
      As a result, a malicious request may be embedded within another request
      as processed by the subsequent system. This allows a remote user to
      potentially poison the cache.
    - Fixes CVE-2017-7658: A remote user can submit a specially crafted HTTP
      request containing more than one Content-Length header to cause Jetty
      and an upstream HTTP agent (such as an origin server or another proxy)
      to interpret the boundary of the HTTP request differently. As a result,
      a malicious request may be embedded within another request as processed
      by the subsequent system. This allows a remote user to potentially poison
      the cache.
  * Compile with the --release parameter to preserve the compatibility
    with older JREs

 -- Emmanuel Bourg <email address hidden>  Tue, 03 Jul 2018 14:31:51 +0200