-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 23 Aug 2024 20:20:06 +0200 Source: trafficserver Binary: trafficserver trafficserver-dbgsym trafficserver-dev trafficserver-experimental-plugins trafficserver-experimental-plugins-dbgsym Architecture: amd64 Version: 9.2.5+ds-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: amd64 Build Daemon (x86-grnet-01) Changed-By: Jean Baptiste Favre Description: trafficserver - fast, scalable and extensible HTTP/1.1 and HTTP/2.0 caching proxy trafficserver-dev - Apache Traffic Server Software Developers Kit (SDK) trafficserver-experimental-plugins - experimental plugins for Apache Traffic Server Closes: 1077141 Changes: trafficserver (9.2.5+ds-0+deb12u1) bookworm-security; urgency=medium . * New upstream version 9.2.5+ds * CVEs fix (Closes: #1077141) - CVE-2023-38522: Incomplete field name check allows request smuggling - CVE-2024-35161: Incomplete check for chunked trailer section allows request smuggling - CVE-2024-35296: Invalid Accept-Encoding can force forwarding requests Checksums-Sha1: 09c6c2ebd78640b77859b22f0155ff051b705515 50626896 trafficserver-dbgsym_9.2.5+ds-0+deb12u1_amd64.deb edb1bfb9ddfdd0e5ca4da7609803db4eacac1cde 371016 trafficserver-dev_9.2.5+ds-0+deb12u1_amd64.deb 3ca00e7b02766ee32753a8131c13581779e04bee 6253376 trafficserver-experimental-plugins-dbgsym_9.2.5+ds-0+deb12u1_amd64.deb 1f13b9ae6927839b17e398ba37cf3833e5806ed2 518200 trafficserver-experimental-plugins_9.2.5+ds-0+deb12u1_amd64.deb c1aa2ee0605e7c5101f39ef2547bb53febb8d917 14381 trafficserver_9.2.5+ds-0+deb12u1_amd64-buildd.buildinfo 88da7b57c609da1a38ea7678fa00ce123e0baf4c 3789196 trafficserver_9.2.5+ds-0+deb12u1_amd64.deb Checksums-Sha256: fe3e4ab84cf5291f22985bab54821a6f3b121ca06ef61de4a1434bc7b14d8a44 50626896 trafficserver-dbgsym_9.2.5+ds-0+deb12u1_amd64.deb 94b093dba8275b2308aff75c20135f7db21d2d4268fd8007d91258c0e75c3327 371016 trafficserver-dev_9.2.5+ds-0+deb12u1_amd64.deb 2e212eb52d4f84e65c93b2fa8f1b816cff449af892933d8c9493869ca2e56131 6253376 trafficserver-experimental-plugins-dbgsym_9.2.5+ds-0+deb12u1_amd64.deb 48993df1208bb38ba76e2dcf7e17548e53a3032066c31eaa34801c1441dca035 518200 trafficserver-experimental-plugins_9.2.5+ds-0+deb12u1_amd64.deb 0c85c14eca2bdfb4013c82ac6dcd9443dffe7d53fe9b1186929b740278882e6d 14381 trafficserver_9.2.5+ds-0+deb12u1_amd64-buildd.buildinfo 2297eb44160923affb7fdbbb393544446e3ce232d052bae0665975160127a109 3789196 trafficserver_9.2.5+ds-0+deb12u1_amd64.deb Files: a20a06981142610d130fa00d829d8e3c 50626896 debug optional trafficserver-dbgsym_9.2.5+ds-0+deb12u1_amd64.deb 66e1245e1586039554a68be18e687ad3 371016 web optional trafficserver-dev_9.2.5+ds-0+deb12u1_amd64.deb 76326c269956daa381e40ab2468aeb18 6253376 debug optional trafficserver-experimental-plugins-dbgsym_9.2.5+ds-0+deb12u1_amd64.deb b6eec6125b085223a8d42802edd16489 518200 web optional trafficserver-experimental-plugins_9.2.5+ds-0+deb12u1_amd64.deb 5b6d16cc4cf0dd580a6184b0e20ab952 14381 web optional trafficserver_9.2.5+ds-0+deb12u1_amd64-buildd.buildinfo 18225208936577fb9b9b800fc9e67d4c 3789196 web optional trafficserver_9.2.5+ds-0+deb12u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyTfXx8sBpQ0Lh3cUU9a0/LcaTpMFAmbJAC8ACgkQU9a0/Lca TpMnkQ//VFPl/PHxbkyrHvhNuRW8P4+JKUrX69u5Kqkk0XL9pBQ00ijJfplNkHJl KR6Y7n0MIQ5v5LjHlb4z7pjJiLralcg73rcAlo+lHDgIfoxX9R2RX1D+GJbp8DTr DACy22S4fmE4AKqCWe2Vq4g5UKPxaKd1FLXkDVIOO7jwSHJs4opqNJG7rgvn5Fj0 mxs90yHEWAFDUKx5fhRHvOJuqg7qPDo4gVyDWAO+jYeD86K5ZINZ0j6X7k0LX5Dd J2l6xTTeYD6mBcO8Ou0Z6DEMIHX1CAmjPSjxrbW5bMSYuC0za7wRN2bonLatVjU4 3nTD1dhNIEcPH5mzNFvWAef9H2MMMP/6JtsSLF2w2mEdzBhtwfq8JceVIWAK7hd7 8dBScJSlfGg1ftkZ1Wj7w3YaSI7kMfBuSuUrKAiHF+Ob7vyqvwp5O5yJfomV8+Ry DH7fQcvllzXtb2Ks+sB0iLbrqCnz6FptCFb6j81XumqMoVg/v1M8VE2wO0BeiSO3 ctgP7zjF2eLna3WC4t8efPRPbqN1qoHcP5mNHk2ZEvUMLdWvNj5jknNKvUqDEzrW BZF8Z+QXJzabxagImFxB7h867a077bdVoKIFZ1w6I1z/kmUJiDyJNpSz9tQqPvc+ SOBdeRBMrfAV4NCnitxs1JWNqPxtebIRe8lXk05tuMHnt9/YTkw= =h8yJ -----END PGP SIGNATURE-----