[Git][security-tracker-team/security-tracker][master] Reserve DLA-4055-1 for trafficserver

Daniel Leidert (@dleidert) Sat, 15 Feb 2025 17:00:14 -0800


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
2fbb44e8 by Daniel Leidert at 2025-02-16T01:59:14+01:00
Reserve DLA-4055-1 for trafficserver

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Feb 2025] DLA-4055-1 trafficserver - security update
+       {CVE-2024-38479 CVE-2024-50306}
+       [bullseye] - trafficserver 8.1.11+ds-0+deb11u2
 [16 Feb 2025] DLA-4054-1 tryton-client - update
        [bullseye] - tryton-client 5.0.33-1+deb11u1
 [15 Feb 2025] DLA-4053-1 freerdp2 - security update


=====================================
data/dla-needed.txt
=====================================
@@ -267,15 +267,14 @@ tcpdf (Adrian Bunk)
   NOTE: 20241205: Added by Front-Desk (santiago)
   NOTE: 20241230: https://lists.debian.org/debian-lts/2024/12/msg00057.html 
(bunk)
 --
-trafficserver (dleidert)
+trafficserver
   NOTE: 20241120: Added by Front-Desk (Beuc)
   NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
-  NOTE: 20241203: Only CVE-2024-38479 is listed as present in version 8.1.11 
(dleidert)
   NOTE: 20241203: Upstream announcement does not mention 8.1 for any of the 3 
CVEs.
   NOTE: 20241203: AFAIR upstream 8.1 support ended with the release of 10.0 
(bunk)
-  NOTE: 20250101: Waiting for feedback if CVE-2024-50306 affects 8.1 as well 
(dleidert)
-  NOTE: 20250121: Still no feedback for CVE-2024-50306 (dleidert)
-  NOTE: 20250210: Prepping DLA (dleidert)
+  NOTE: 20250216: DLA released fixing CVE-2024-38479 and CVE-2024-50306 
(dleidert)
+  NOTE: 20250216: IMHO CVE-2024-50305 does not affect 8.x due to affected code 
being introduced later (dleidert)
+  NOTE: 20250216: Bookworm-PU necessary, but issues not fixed in Sid yet; 
contacted maintainer (dleidert)
 --
 twitter-bootstrap3
   NOTE: 20241110: Added by Front-Desk (apo)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fbb44e8b47d6c2ab9539db085c9c4d1ab1b3adf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fbb44e8b47d6c2ab9539db085c9c4d1ab1b3adf
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Reserve DLA-4055-1 for trafficserver

Reply via email to