Your message dated Sat, 20 Apr 2024 11:20:54 +0000
with message-id <e1ry8m6-00bllt...@fasolo.debian.org>
and subject line Bug#1068417: fixed in trafficserver 8.1.10+ds-1~deb11u1
has caused the Debian Bug report #1068417,
regarding trafficserver: CVE-2024-31309: HTTP/2 CONTINUATION frames can be
utilized for DoS attacks
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1068417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: trafficserver
Version: 9.2.3+ds-1+deb12u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 8.1.9+ds-1~deb11u1
Hi,
The following vulnerability was published for trafficserver.
CVE-2024-31309[0].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-31309
https://www.cve.org/CVERecord?id=CVE-2024-31309
[1] https://www.kb.cert.org/vuls/id/421644
[2] https://github.com/apache/trafficserver/pull/11207
[3] https://github.com/apache/trafficserver/pull/11206
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: trafficserver
Source-Version: 8.1.10+ds-1~deb11u1
Done: Jean Baptiste Favre <deb...@jbfavre.org>
We believe that the bug you reported is fixed in the latest version of
trafficserver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jean Baptiste Favre <deb...@jbfavre.org> (supplier of updated trafficserver
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Apr 2024 11:54:31 +0200
Source: trafficserver
Architecture: source
Version: 8.1.10+ds-1~deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Jean Baptiste Favre <deb...@jbfavre.org>
Changed-By: Jean Baptiste Favre <deb...@jbfavre.org>
Closes: 1068417
Changes:
 trafficserver (8.1.10+ds-1~deb11u1) bullseye-security; urgency=medium
 .
   * New upstream version 8.1.10+ds
   * CVEs fix (Closes: #1068417)
     - CVE-2024-31309: HTTP/2 CONTINUATION DoS attack
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---