Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted trafficserver 8.1.1+ds-1.1 (source) into unstable
Date: Thu, 15 Jul 2021 20:33:34 +0000
Signed by: Salvatore Bonaccorso <carnil@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Jul 2021 21:48:17 +0200
Source: trafficserver
Architecture: source
Version: 8.1.1+ds-1.1
Distribution: unstable
Urgency: medium
Maintainer: Jean Baptiste Favre <debian@jbfavre.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 990303
Changes:
 trafficserver (8.1.1+ds-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Address CVE-2021-27577, CVE-2021-32565, CVE-2021-32566, CVE-2021-32567 and
     CVE-2021-35474.
     - CVE-2021-27577: Incorrect handling of url fragment leads to cache
       poisoning
     - CVE-2021-32565: HTTP Request Smuggling, content length with invalid
       charters
     - CVE-2021-32566: Specific sequence of HTTP/2 frames can cause ATS to
       crash
     - CVE-2021-32567: Reading HTTP/2 frames too many times
     - CVE-2021-35474: Dynamic stack buffer overflow in cachekey plugin
     (Closes: #990303)
Checksums-Sha1: 
 4925f90729116068bafa9eaa067d1d8b366f8b78 2881 trafficserver_8.1.1+ds-1.1.dsc
 75eccf2d46c76923417e3c0408d46cefa8848adc 44068 trafficserver_8.1.1+ds-1.1.debian.tar.xz
Checksums-Sha256: 
 23887ef0f0e71b03d0f87b86171ff377b2c413fb7d63bac78d79fece40f3c433 2881 trafficserver_8.1.1+ds-1.1.dsc
 34e2af5fa308e8ca4b101861d2dddd4f446bc922e9c9161fd4d7112e58e06c2c 44068 trafficserver_8.1.1+ds-1.1.debian.tar.xz
Files: 
 4f9bb7e760db8564dc55f72f03bf1e54 2881 web optional trafficserver_8.1.1+ds-1.1.dsc
 67e1817441daff6c0d75098cadee3db8 44068 web optional trafficserver_8.1.1+ds-1.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmDwlnlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EtMUP/RMpCWPOPZ2n6d0lxNtdVDlyvcXJ0cwu
JLFyIVKuAg3Z1kKuI1NL3L6YLvDlAxuX/2wcP766AfYk2ANc4XeSQgqtb1DDd+0R
935+tGRCapqf9dacicKgxQpQDgnX3X/FMQTUWJreMRsN5fbga4Za8P5tjAGKDD/l
7kXMVO7agSohC7RMWzfJdPHujbuiup5n/695cLQpN1QDRY8gGnjIMz/GRItLy6n7
RdEP28DLOclrX82Z6UIDy3pSpzwE5ltxU0rjsBJ6iHVb7tA3xLhgU2q1/FExugtE
7fXZTDYP7riRG3a6VYSireiBt+IApm5878lKmJcUTLF5ffYMW2Q+xdLcsAfU2DvN
feJOXGwDGQlrg5hrYxAf3o+JQzDS7qx2/knHX9240VgEkoU0+Cvyjtn//FzIOLJ8
ViTqqDJlr8BtlBJFwgMVMHooA/E0lPRKsongZoJXPzIPs12WHjPbuIPJMZGRD0C2
VVeNXD9Hb71Up3NpDv0cH23Dc/aRa0tMUI87H2heekJ4V6uxTszDBlKl6QA0r1uC
6GiTB8vTwn0YgiWFOf0EBioKfMeT9bObp8TMa/C9+w+sToI1URIREbpZ3OLG3D1b
TRPXN+hB7Cx1so/RLSl9KBf6NYcZiI7yjMYE9ITHWw0ae+oPrf877EJgSpi2zF7e
KNOLqty8DHKR
=D47y
-----END PGP SIGNATURE-----

News for package trafficserver