-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 23 Aug 2024 20:20:06 +0200 Source: trafficserver Architecture: source Version: 9.2.5+ds-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Jean Baptiste Favre <debian@jbfavre.org> Changed-By: Jean Baptiste Favre <debian@jbfavre.org> Closes: 1077141 Changes: trafficserver (9.2.5+ds-0+deb12u1) bookworm-security; urgency=medium . * New upstream version 9.2.5+ds * CVEs fix (Closes: #1077141) - CVE-2023-38522: Incomplete field name check allows request smuggling - CVE-2024-35161: Incomplete check for chunked trailer section allows request smuggling - CVE-2024-35296: Invalid Accept-Encoding can force forwarding requests Checksums-Sha1: 69eeda30b5db02ded31fe82eb144330fae6a3791 3024 trafficserver_9.2.5+ds-0+deb12u1.dsc 75948d26ccb5b53362b90a23ee6716d98ec02f9d 8952536 trafficserver_9.2.5+ds.orig.tar.xz dd2d2126f20055f1d2e5c613a92aba0354e8b80e 36044 trafficserver_9.2.5+ds-0+deb12u1.debian.tar.xz 8b198469dc81a244998112dc6b6f4c2e020876f1 12886 trafficserver_9.2.5+ds-0+deb12u1_source.buildinfo Checksums-Sha256: da998419192c8c3b8f3020afac45c4cb4bdd1ae240ad0352ed383576f9bff81b 3024 trafficserver_9.2.5+ds-0+deb12u1.dsc dbf4de96e1c5077bc2148ef065bd271ab6d73d71285a7568c60ae59e900692bd 8952536 trafficserver_9.2.5+ds.orig.tar.xz 73237b307284aac2672477d99800d611a1b956c0335006b0d6d7b3519dc37b4d 36044 trafficserver_9.2.5+ds-0+deb12u1.debian.tar.xz fb49c188b3f36a4a6469cd6c9a19c610c1241482389f0eac3239f7a4d0873272 12886 trafficserver_9.2.5+ds-0+deb12u1_source.buildinfo Files: c7a84cf58741edb165f9c7a38d6b6b08 3024 web optional trafficserver_9.2.5+ds-0+deb12u1.dsc b4dd8ce30023f3a0629fe44668c1c2d9 8952536 web optional trafficserver_9.2.5+ds.orig.tar.xz 27e8211d6b46c83ee6176ef7645e0747 36044 web optional trafficserver_9.2.5+ds-0+deb12u1.debian.tar.xz bfa9e50d2a36dd31c2f87526bca64211 12886 web optional trafficserver_9.2.5+ds-0+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEToRbojDLTUSJBphHtN1Tas99hzcFAmbI9ahfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDRF ODQ1QkEyMzBDQjRENDQ4OTA2OTg0N0I0REQ1MzZBQ0Y3RDg3MzcACgkQtN1Tas99 hzfg2xAAheBy9g0hD8zMWEx/tOXZnVD7H0PgYp4bh0mPZnHgr3tD3JkFGDq3bnha D8H++dQdetfoieZLj6IJ+SbAHGvoRAB+IJP0EX/szIsEYTPdXJgFLyEMmWo+Ry3N KtgiCjkHKxGl/uQlVug6Ok7d1KADXoQVXSqBXZ+88B5fiNOJGVd4Qn6ah+ytexwx qqDcKhO2/dVWH5Oy07UJW+YvQNl/s7n84415/lwYbG5DSOEDnerO1oMvm7hIXlSS nhvcxmR2awDMV6aq+xN+smcePUqJRPm+CYcmGvI0gNMdBUGYXM/gphfJ8rltl4uE oJtFWaFL+Ap36YjIBDTQB+0D4i0D1pbLyuibTkfEt/HQ6MFClb7pkpVEk81MMbzS 2OSe4Y8Vc/lxEVknpvSiR7qqkYnrnjxFfgdx9h6R87TygYn231gvzqVFlxL7NDmr G8qtoG6uRXZ/I6Kr/4i4U9AtQGheloVn5sCss0hGo8embenND7nIQ66sQeeicP/r lgtKs+sRb7fnxBGd6MWkJKNNHf0ILBz8Ewmyhq3of8TU/iG3VqbRT4OA5HhD9ubZ xvWDhcTQIYuYRAooeS2Pgk2qK+i+7ZDN7Lmv4lwFHgZ133398DlxgYsA+uDaHEjw Lom9Ig8DWyA2HqFw+yu0TuUija5cocuNcikjeVoSLuRTmDB7hy8= =8L/P -----END PGP SIGNATURE-----