Source: trafficserver Version: 9.2.1+ds-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 9.2.0+ds-2+deb12u1 Control: found -1 8.1.7+ds-1~deb11u1 Control: found -1 8.1.6+ds-1
Hi, The following vulnerabilities were published for trafficserver. CVE-2022-47185[0]: | Improper input validation vulnerability on the range header in | Apache Software Foundation Apache Traffic Server.This issue affects | Apache Traffic Server: through 9.2.1. CVE-2023-33934[1]: | Improper Input Validation vulnerability in Apache Software | Foundation Apache Traffic Server.This issue affects Apache Traffic | Server: through 9.2.1. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-47185 https://www.cve.org/CVERecord?id=CVE-2022-47185 [1] https://security-tracker.debian.org/tracker/CVE-2023-33934 https://www.cve.org/CVERecord?id=CVE-2023-33934 [2] https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc Please adjust the affected versions in the BTS as needed. Regards, Salvatore
