Your message dated Sat, 13 Apr 2024 09:35:18 +0000
with message-id <e1rvzn4-003qdc...@fasolo.debian.org>
and subject line Bug#1068417: fixed in trafficserver 9.2.4+ds-1
has caused the Debian Bug report #1068417,
regarding trafficserver: CVE-2024-31309: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1068417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: trafficserver
Version: 9.2.3+ds-1+deb12u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 8.1.9+ds-1~deb11u1

Hi,

The following vulnerability was published for trafficserver.

CVE-2024-31309[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31309
    https://www.cve.org/CVERecord?id=CVE-2024-31309
[1] https://www.kb.cert.org/vuls/id/421644
[2] https://github.com/apache/trafficserver/pull/11207
[3] https://github.com/apache/trafficserver/pull/11206

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: trafficserver
Source-Version: 9.2.4+ds-1
Done: Jean Baptiste Favre <deb...@jbfavre.org>

We believe that the bug you reported is fixed in the latest version of
trafficserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jean Baptiste Favre <deb...@jbfavre.org> (supplier of updated trafficserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 13 Apr 2024 09:56:13 +0200
Source: trafficserver
Architecture: source
Version: 9.2.4+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Jean Baptiste Favre <deb...@jbfavre.org>
Changed-By: Jean Baptiste Favre <deb...@jbfavre.org>
Closes: 1068417
Changes:
 trafficserver (9.2.4+ds-1) unstable; urgency=medium
 .
   * New upstream version 9.2.4+ds
   * Refresh d/patches for 9.2.4 release
   * Update Debian Policy version
   * Update d/copyright fixing lintian superfluous-file-pattern warning
   * Update d/control to fix lintian build-depends-on-obsolete-package warning
   * CVEs fix (Closes: #1068417)
     - CVE-2024-31309: HTTP/2 CONTINUATION DoS attack
--- End Message ---