Source: trafficserver Version: 9.2.5+ds-1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for trafficserver. CVE-2024-38311[0]: | Improper Input Validation vulnerability in Apache Traffic Server. | This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, | from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are | recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the | issue. CVE-2024-56195[1]: | Improper Access Control vulnerability in Apache Traffic Server. | This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, | from 10.0.0 through 10.0.3. Users are recommended to upgrade to | version 9.2.9 or 10.0.4, which fixes the issue. CVE-2024-56202[2]: | Expected Behavior Violation vulnerability in Apache Traffic Server. | This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, | from 10.0.0 through 10.0.3. Users are recommended to upgrade to | versions 9.2.9 or 10.0.4 or newer, which fixes the issue. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-38311 https://www.cve.org/CVERecord?id=CVE-2024-38311 [1] https://security-tracker.debian.org/tracker/CVE-2024-56195 https://www.cve.org/CVERecord?id=CVE-2024-56195 [2] https://security-tracker.debian.org/tracker/CVE-2024-56202 https://www.cve.org/CVERecord?id=CVE-2024-56202 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
