-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 23 Aug 2024 18:49:41 +0200 Source: trafficserver Architecture: source Version: 9.2.5+ds-1 Distribution: unstable Urgency: high Maintainer: Jean Baptiste Favre <debian@jbfavre.org> Changed-By: Jean Baptiste Favre <debian@jbfavre.org> Closes: 1077141 Changes: trafficserver (9.2.5+ds-1) unstable; urgency=high . * New upstream version 9.2.5+ds * Patches refresh for 9.2.5 * Update d/control Build-Depends * CVEs fix (Closes: #1077141) - CVE-2023-38522: Incomplete field name check allows request smuggling - CVE-2024-35161: Incomplete check for chunked trailer section allows request smuggling - CVE-2024-35296: Invalid Accept-Encoding can force forwarding requests Checksums-Sha1: 9c13cddf7cf1af6e590dbc0dbe216c32c0761599 2985 trafficserver_9.2.5+ds-1.dsc 75948d26ccb5b53362b90a23ee6716d98ec02f9d 8952536 trafficserver_9.2.5+ds.orig.tar.xz c5131ffff4ae3e2f6a480f061f8f1e7c626d2956 35640 trafficserver_9.2.5+ds-1.debian.tar.xz 0cddce7a5e01824dcff02db1405a6fc1a88af164 13248 trafficserver_9.2.5+ds-1_source.buildinfo Checksums-Sha256: 538b0c7a75c7c606cfdc76952205925b6876177d6818d9813d0adb43d96134c7 2985 trafficserver_9.2.5+ds-1.dsc dbf4de96e1c5077bc2148ef065bd271ab6d73d71285a7568c60ae59e900692bd 8952536 trafficserver_9.2.5+ds.orig.tar.xz 2ef80328162a110118183608b0688a2d6501f592e5925bf2700c83675e0e938f 35640 trafficserver_9.2.5+ds-1.debian.tar.xz 2276990e09b3e3c0a870cb7a05079d28072dbe1622220428449c21cf47e94f34 13248 trafficserver_9.2.5+ds-1_source.buildinfo Files: 9997d23b16366ab77477b58a3fbeb9a6 2985 web optional trafficserver_9.2.5+ds-1.dsc b4dd8ce30023f3a0629fe44668c1c2d9 8952536 web optional trafficserver_9.2.5+ds.orig.tar.xz 32baf6ebb8e9848bb8329d1594d1c821 35640 web optional trafficserver_9.2.5+ds-1.debian.tar.xz fd1f454257cc18086e9bc7f256ea1a3d 13248 web optional trafficserver_9.2.5+ds-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEToRbojDLTUSJBphHtN1Tas99hzcFAmbI0YFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDRF ODQ1QkEyMzBDQjRENDQ4OTA2OTg0N0I0REQ1MzZBQ0Y3RDg3MzcACgkQtN1Tas99 hzeUYA/+JtUcdJ6IPTuU3rTiyUdQf7AJ/9ZNvqvSuyAHc4zEw8JsQHpnqofd8yBg G9IfI4RDmL/v8ajPLPGLsidFJZivXpNmfhmzexRSp1ab5WVJIDglHsXxJTq6N3TR 25xnecEmsFiAQuguFzZzjk5gAyqCUOY4qFirueWo7Mub7JjhCwWlSAX0XsOtUzm6 H35QHMyTFgUnHkwf5lCa3qe9qe6YBvJYVDYg1BYUynPqZQodGThjSWhgD6FktCPW ZOql4u535M5QYROl+6TsY43P+K7P70rJxq5AVJlqAQynGNwLwJ1MmRzktubU70bG j01K2SozsNgSMaw02fywtkMbQns9vdMqo7MyE6sRvr7+uUmvbrTdZiSfP9Qpis42 zs2rq4iWSuiiUqekyT2nuVQ0jxryCYuuktdsXfKh7B9J5MmCLGQF9akqR316vvOc E8+Qog1FWqN0/+FNaXe1XB9lBeTHsZXtZIoKF91wcHKYdzvt8PcBgfuDXDN+WCSE cAWYIgjN1GFMawLcAi0WwpAa/7d2C5Kuw3E1Y8uW7ByKxeLzPTaJevwP8aC0SgAi GPvAXUXrgJO/z1a7W3yjmBANa/yCZeXsuudD8U7BQJHB1oGyGfQZkiVOUj6LmuLW JVa/xnzxwmcyaxHeX7AaAsH9W4BGW3kFzUEy3RqDFesLwIhv33s= =9fCE -----END PGP SIGNATURE-----