Your message dated Thu, 25 Jun 2020 17:05:55 +0000
with message-id <e1jovjz-0002yn...@fasolo.debian.org>
and subject line Bug#963629: fixed in trafficserver 8.0.8+ds-1
has caused the Debian Bug report #963629,
regarding trafficserver: CVE-2020-9494
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
963629: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963629
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: trafficserver
Version: 8.0.7+ds-1
Severity: important
Tags: security upstream
Control: found -1 8.0.2+ds-1+deb10u2
Hi,
The following vulnerability was published for trafficserver.
CVE-2020-9494[0]:
| Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to
| 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can
| cause the server to allocate a large amount of memory and spin the
| thread.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-9494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9494
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: trafficserver
Source-Version: 8.0.8+ds-1
Done: Jean Baptiste Favre <deb...@jbfavre.org>
We believe that the bug you reported is fixed in the latest version of
trafficserver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 963...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jean Baptiste Favre <deb...@jbfavre.org> (supplier of updated trafficserver
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 25 Jun 2020 10:01:51 +0200
Source: trafficserver
Architecture: source
Version: 8.0.8+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Jean Baptiste Favre <deb...@jbfavre.org>
Changed-By: Jean Baptiste Favre <deb...@jbfavre.org>
Closes: 963629
Changes:
trafficserver (8.0.8+ds-1) unstable; urgency=medium
.
* New upstream version 8.0.8+ds
* Includes fix for CVE-2020-9494 (Closes: #963629)
* Update debhelper-compat version in d/control
Checksums-Sha1:
697899150520875ef63fe2a5f89fd51bbf859202 2982 trafficserver_8.0.8+ds-1.dsc
777d6346bc6cdeadd8e657076ee10f61ff6a6f11 7816632
trafficserver_8.0.8+ds.orig.tar.xz
121e8fb790d3d39901bac5915eb2909b252a7e01 68744
trafficserver_8.0.8+ds-1.debian.tar.xz
1f9a628cc5cf39c075abe2b7dab45f9c29aebe34 13658
trafficserver_8.0.8+ds-1_source.buildinfo
Checksums-Sha256:
83b076c5391e353227aaf184a1e223c92ab0d39dbe59944baa88b2329bba8607 2982
trafficserver_8.0.8+ds-1.dsc
ce3bf802a0a41b5d5c1eda9f770228ed44dbc1053d2425e1190fbddc3d9353f7 7816632
trafficserver_8.0.8+ds.orig.tar.xz
bf4c636248f678a6f4ee0623d7326d92481a4b39136f867e5a64f691c170cf06 68744
trafficserver_8.0.8+ds-1.debian.tar.xz
1a18146e020cea043774f814de2bcd9c35bab702392aba8ca5bb168a556b5713 13658
trafficserver_8.0.8+ds-1_source.buildinfo
Files:
039c83c483e82efd75d8ee0ab0bf095f 2982 web optional trafficserver_8.0.8+ds-1.dsc
7384c9a5a9b86a829242e7ca117f278e 7816632 web optional
trafficserver_8.0.8+ds.orig.tar.xz
de63784964d6fd7b96f8935f9de303d4 68744 web optional
trafficserver_8.0.8+ds-1.debian.tar.xz
8829da6e131c8ed19655ff64125e9423 13658 web optional
trafficserver_8.0.8+ds-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEToRbojDLTUSJBphHtN1Tas99hzcFAl701YhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDRF
ODQ1QkEyMzBDQjRENDQ4OTA2OTg0N0I0REQ1MzZBQ0Y3RDg3MzcACgkQtN1Tas99
hzdFTxAAgKZFHMFaOuklxwVxzhpnxIOX9l8Xk1Aefw6JQth7AqRLWp7SRYQkik3V
Q+71vHSVMMXW80HTPlH9ZlewE7Rv/Lu8/0Dor/aauvEKOVUUJ4NydJei8B7ZFwWJ
9zxRM76q+45SMKaLDZ7f1pPGghIhj1kh72c/Dj//eyJIdOhlnsnpe538ekqQ+ZuF
u9uf7G/Ai1MwcfB8XM7IkhzbdglXmnCG3d/CVeGHxpVZAvIWFan6TDhgniyjRtaH
j3F65twTfOHArYvWsZg8pLXoqnqZiQOKyLx+iNY9ZcV5uh4Bgdie3NIn8owzitwN
PLS8kraqEtMfUkSwQcwrNVceZnuPj15UhJ4MDwZ28idbH+jHOjhT6Lc4WmZJxIX+
Gz0cCGfuSrxpieixJBJrWuRQhgVJHAhxywv7yIY3My3SjlprSVF4ou9IfrYwuMfh
Rp3UfxT8onDfSwQJSEFHpk8/tJK/wvEfjERfZzEwTTeIovexRTDHnZx4EPd/bE8H
54ApE6aRJNbQ5vsWLL6xpbtShDBLAONXkSmdsnL1jfzECPyOrQzj8RV60Rvd/G9M
Pc/Sc3iF0s7IlUHJsx/VDRP4HsHI/Hgg7P+4bQi82PUa8nDf45FoB7SX+7iFKpcj
KQy7vRhpSDHQUxaxnrSkyOl7P85RBzo3pTGfJzWScepfM6QgI1A=
=dfrW
-----END PGP SIGNATURE-----
--- End Message ---
