-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 02 Nov 2023 15:01:39 +0100 Source: trafficserver Architecture: source Version: 9.2.3+ds-1+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Jean Baptiste Favre <debian@jbfavre.org> Changed-By: Jean Baptiste Favre <debian@jbfavre.org> Closes: 1053801 1054427 Changes: trafficserver (9.2.3+ds-1+deb12u1) bookworm-security; urgency=medium . * Multiple CVE fixes for 9.2.x (Closes: #1054427, Closes: #1053801) - CVE-2022-47185: Improper input validation vulnerability - CVE-2023-33934: Improper Input Validation vulnerability - CVE-2023-39456: Improper Input Validation vulnerability - CVE-2023-41752: Exposure of Sensitive Information to an Unauthorized Actor - CVE-2023-44487: The HTTP/2 protocol allows a denial of service * Refresh d/patches for 9.2.3 release * Add patch to workaround missing sphinxcontrib.jquery module * Update d/trafficserver-experimental-plugins for 9.2.3 release Checksums-Sha1: e4fe79a6f1051e639a5f737c1eb1853365dc5b31 3024 trafficserver_9.2.3+ds-1+deb12u1.dsc bd4752974c4343d6be0deb34ed61e521157bba21 8942124 trafficserver_9.2.3+ds.orig.tar.xz e96d4dba828c00f431245d664d396ce969a8caf7 35904 trafficserver_9.2.3+ds-1+deb12u1.debian.tar.xz 0ec93376e0cc8adebbde91f395306956f3d50a8e 12654 trafficserver_9.2.3+ds-1+deb12u1_source.buildinfo Checksums-Sha256: 0dfb2438a13aaeedc594ca4bed4d278417a21662f035c1013461e955f2e1aa85 3024 trafficserver_9.2.3+ds-1+deb12u1.dsc 0e323e1c4c01d1506cfd49d4c6935dbebd125b187d9ba72fe909bd6b10d81110 8942124 trafficserver_9.2.3+ds.orig.tar.xz f33a37f2906683b3a78ba2c16013a4ef85ea1eeeb016937917765bb497017204 35904 trafficserver_9.2.3+ds-1+deb12u1.debian.tar.xz 7f5f711ef2a60ba681bbd5b556ad55347d402fd5251d2dcde5519c341864b647 12654 trafficserver_9.2.3+ds-1+deb12u1_source.buildinfo Files: 0243ca2fd3678757bab0bb373b55daa4 3024 web optional trafficserver_9.2.3+ds-1+deb12u1.dsc f65bf601372c361eb765c1d9150f5755 8942124 web optional trafficserver_9.2.3+ds.orig.tar.xz 8fbf8ef3d95778c5e2b3e1dc45fb8777 35904 web optional trafficserver_9.2.3+ds-1+deb12u1.debian.tar.xz 5e55436fe541f8f166d505d6e1bfc7b1 12654 web optional trafficserver_9.2.3+ds-1+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEToRbojDLTUSJBphHtN1Tas99hzcFAmVDvkJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDRF ODQ1QkEyMzBDQjRENDQ4OTA2OTg0N0I0REQ1MzZBQ0Y3RDg3MzcACgkQtN1Tas99 hzeN0BAAskdDyJCHDKsRIe2ag84z/yAkQn7y9yJ71V5V1lyrRMPngbSLE9c08LZR FTobWBkFq47D58hUXPHynh3JQyNIyu+cEPpukrXZZZ/YlINp+aNErnEbwLSRWmur qPL8IYEOSMdeh+o6lenT3BV0I4F9tAbRPKInuL1hOYYKKZYihsLGj446wu1IeoNd Jp4ydbSuoT3oUdTm6kUKGWlolLzq0XwpjKDGeuqiUHuOSktqF4irM6cLQg+HjtiQ xN/GaFYSxrsTEVpupHQCVAugHq5cGR4OD97fuU+wKMVFfZWGvo6nh2ffKuqw0tjL maqOtJeE/omDaD1n9+0lM2aVGhshzuZqG9yGhTDXOlOWh6cqYxZY/DJT6qrFuJpk bcKzQmvL0UtQc4mpHM2hGKRFqbXfhas3Rv6EdW0goxzEkGkh6JA9K/JOmRg8Z4pK JvpWLTW8dDk2OTHkJLLrV1OlNuMJWE55Rdqkh85bqzllbwMbobn5V9pKy4eErTwv bSpiqymSd5THFQavY+DA+qaCWB+ly6AnUrjIMIQaJLlzsif41lx8KovAekZ+P/CY xmOiZg5640YF5nUG55q/lmJNckFsBlCpzM3CLUZKnkD4Szp0XUDQyqvUVxJ5KKtD e6mWyw5vSUZocrRlcg98LEyYQXMJrjEImvIC+udqtkhkj9lq8GA= =NJIV -----END PGP SIGNATURE-----
