Hi Jered, Am Sonntag, dem 19.01.2025 um 23:38 +0000 schrieb Jered Floyd: > > I'm not authoritative on anything here, but this seems to obviously > be related to this commit: > > https://github.com/apache/trafficserver/commit/27f504883547502b1f5e4e389edd7f26e3ab246f > > That file otherwise hasn't changed since 2019 and that segment > remains the same in 8.1.11, so I would assume that all versions prior > to 9.2.6 are affected. > > The advisory probably only references 9.2.x and 10.x as those are the > only version series under support. (Since 8.x is not, perhaps it > should be removed from the Downloads page.)
Thanks for your response. Unfortunately, that basically just confirms what I already know and suspect. I was hoping for a definitive answer. > It's not clear to the circumstances under which this error represents > a meaningful vulnerability, That is one of the issues here and a reason why I asked. > but if you are running an 8.x release there are other fixed CVEs that > seem of greater importance. Most of them have already been addressed. Regards, Daniel
signature.asc
Description: This is a digitally signed message part
