Your message dated Wed, 21 Jun 2023 13:10:24 +0200
with message-id <ZJLaoPjVWaq/[email protected]>
and subject line Accepted trafficserver 9.2.1+ds-1 (source) into unstable
has caused the Debian Bug report #1038248,
regarding trafficserver: CVE-2022-47184 CVE-2023-30631 CVE-2023-33933
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1038248: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038248
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: trafficserver
Version: 9.2.0+ds-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 8.1.6+ds-1~deb11u1
Control: found -1 8.0.2+ds-1+deb10u6

Hi,

The following vulnerabilities were published for trafficserver.

CVE-2022-47184[0]:
| Exposure of Sensitive Information to an Unauthorized Actor
| vulnerability in Apache Software Foundation Apache Traffic
| Server. This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.


CVE-2023-30631[1]:
| Improper Input Validation vulnerability in Apache Software
| Foundation Apache Traffic Server. The configuration
| option proxy.config.http.push_method_enabled didn't function.
| However, by default the PUSH method is blocked in the ip_allow
| configuration file. This issue affects Apache Traffic Server: from
| 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later
| versions; 9.x users should upgrade to 9.2.1 or later versions.


CVE-2023-33933[2]:
| Exposure of Sensitive Information to an Unauthorized Actor
| vulnerability in Apache Software Foundation Apache Traffic
| Server. This issue affects Apache Traffic Server: from 8.0.0 through
| 9.2.0. 8.x users should upgrade to 8.1.7 or later versions; 9.x
| users should upgrade to 9.2.1 or later versions.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-47184
    https://www.cve.org/CVERecord?id=CVE-2022-47184
[1] https://security-tracker.debian.org/tracker/CVE-2023-30631
    https://www.cve.org/CVERecord?id=CVE-2023-30631
[2] https://security-tracker.debian.org/tracker/CVE-2023-33933
    https://www.cve.org/CVERecord?id=CVE-2023-33933
[3] https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: trafficserver
Source-Version: 9.2.1+ds-1

----- Forwarded message from Debian FTP Masters <[email protected]> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Jun 2023 11:44:27 +0200
Source: trafficserver
Architecture: source
Version: 9.2.1+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Jean Baptiste Favre <[email protected]>
Changed-By: Jean Baptiste Favre <[email protected]>
Changes:
 trafficserver (9.2.1+ds-1) unstable; urgency=medium
 .
   * New upstream version 9.2.1+ds
   * Update d/patches for 9.2.1 release
   * Update Build-Depends to allow documentation build
   * Update patch to fix HTTP proxy tests plus forwarded URL
   * Update patch to fix doc build plus forwarded URL
   * Update d/copyright



----- End forwarded message -----

--- End Message ---
