Hello. I am backporting the recent traffic server security fixes[1] to Debian LTS buster which have traffic server version 8.0.x.
If I am right, CVE-2022-25763, CVE-2022-28129, CVE-2022-31779 and CVE-2022-31780 fixed in commit https://github.com/apache/trafficserver/commit/0ca9ef5abc8a535d05150ebc7c16bbfa4e982d16 And for CVE-2021-37150, fixed in commit. https://github.com/apache/trafficserver/commit/4da63a69cbce10a6cd4d103de9f9b01d9c9be908 But for CVE-2022-31778, I couldn't pin point the commit. Does https://github.com/apache/trafficserver/pull/8899 has to anything with CVE-2022-31778. (https://github.com/apache/trafficserver/commit/f45d490b7c3a3cb91cbc6a815b9939b19101e4d2) Please help to find fix for CVE-2022-31778. Also please correct me if I missed or to drop unwanted commits from above mentioned CVEs. Abhijith Debian Developer [1] - https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
