Overview

File _patchinfo of Package patchinfo.29061

<patchinfo incident="29061">
  <issue tracker="cve" id="2023-26048"/>
  <issue tracker="cve" id="2023-26049"/>
  <issue tracker="bnc" id="1210621">VUL-0: CVE-2023-26049: jetty-minimal,jetty-websocket: Cookie parsing of quoted values can exfiltrate values from other cookies</issue>
  <issue tracker="bnc" id="1210620">VUL-0: CVE-2023-26048: jetty-minimal,jetty-websocket: OutOfMemoryError for large multipart without filename read via request.getParameter()</issue>
  <packager>fstrba</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for jetty-minimal</summary>
  <description>This update for jetty-minimal fixes the following issues:

Updated to version 9.4.51.v20230217:
- CVE-2023-26048: Fixed an excessive memory consumption when
  processing a large multipart request (bsc#1210620)
- CVE-2023-26049: Fixed a cookie exfiltration issue due to improper
  parsing (bsc#1210621).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places