Debian Security Advisory
DSA-4278-1 jetty9 -- security update
- Date Reported:
- 19 Aug 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-7656, CVE-2017-7657, CVE-2017-7658.
- More information:
Multiple vulnerabilities were discovered in Jetty, a Java servlet engine and webserver which could result in HTTP request smuggling.
For the stable distribution (stretch), these problems have been fixed in version 9.2.21-1+deb9u1.
We recommend that you upgrade your jetty9 packages.
For the detailed security status of jetty9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/jetty9