-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 23 Aug 2024 20:20:06 +0200 Source: trafficserver Binary: trafficserver trafficserver-dbgsym trafficserver-dev trafficserver-experimental-plugins trafficserver-experimental-plugins-dbgsym Architecture: arm64 Version: 9.2.5+ds-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Jean Baptiste Favre Description: trafficserver - fast, scalable and extensible HTTP/1.1 and HTTP/2.0 caching proxy trafficserver-dev - Apache Traffic Server Software Developers Kit (SDK) trafficserver-experimental-plugins - experimental plugins for Apache Traffic Server Closes: 1077141 Changes: trafficserver (9.2.5+ds-0+deb12u1) bookworm-security; urgency=medium . * New upstream version 9.2.5+ds * CVEs fix (Closes: #1077141) - CVE-2023-38522: Incomplete field name check allows request smuggling - CVE-2024-35161: Incomplete check for chunked trailer section allows request smuggling - CVE-2024-35296: Invalid Accept-Encoding can force forwarding requests Checksums-Sha1: 870ee41cfe7c5771b7fcd083370a07e444195ae5 49691840 trafficserver-dbgsym_9.2.5+ds-0+deb12u1_arm64.deb ce9338f803878436633020994d34ecde3659791f 371024 trafficserver-dev_9.2.5+ds-0+deb12u1_arm64.deb 765b08ebdf759ebcb1fefddf80bb411686fb3803 6118188 trafficserver-experimental-plugins-dbgsym_9.2.5+ds-0+deb12u1_arm64.deb bc1941c786c3247574887265a174f4823844f3fa 470792 trafficserver-experimental-plugins_9.2.5+ds-0+deb12u1_arm64.deb 386463011b4634edf1f9f61884ecd2e026f2c315 14364 trafficserver_9.2.5+ds-0+deb12u1_arm64-buildd.buildinfo 835a8ca67373c4c14d8d8045c35178025ddea3c0 3375064 trafficserver_9.2.5+ds-0+deb12u1_arm64.deb Checksums-Sha256: 4d4a9df3f88cd19fc5e56ee8cc0e55b209b8682383792cca0816c86c49ea50cd 49691840 trafficserver-dbgsym_9.2.5+ds-0+deb12u1_arm64.deb b36b91d77a1523abe3d9cc39e8f124b4307280f34980e8d7b67d37f55b07b130 371024 trafficserver-dev_9.2.5+ds-0+deb12u1_arm64.deb 6ea2fe3508876a680bda8c16d7728aa5208d3a3228655e055c417441eef48b73 6118188 trafficserver-experimental-plugins-dbgsym_9.2.5+ds-0+deb12u1_arm64.deb 988731bf4faa8ee2b17ae633947e9a2d861ecee6865223e43c2bcf1cfc739ee4 470792 trafficserver-experimental-plugins_9.2.5+ds-0+deb12u1_arm64.deb 7964e8b7d55bd452427b066362964b65af2fb0aaf5abb472322bcb204d512bd8 14364 trafficserver_9.2.5+ds-0+deb12u1_arm64-buildd.buildinfo 08623ec7c8f73f9ed4dcd2a347f4f61357c761163d093ad2bf0bf52ac36e8212 3375064 trafficserver_9.2.5+ds-0+deb12u1_arm64.deb Files: f9491f7eb71e58119313aa820ae948a2 49691840 debug optional trafficserver-dbgsym_9.2.5+ds-0+deb12u1_arm64.deb df8126eb5ebdff1bfe9d05eaf9760ab3 371024 web optional trafficserver-dev_9.2.5+ds-0+deb12u1_arm64.deb ca6cf247a2ff1e9d3cae6ff41f77f891 6118188 debug optional trafficserver-experimental-plugins-dbgsym_9.2.5+ds-0+deb12u1_arm64.deb 4afde3e0f721bbd4a835425e47570b5b 470792 web optional trafficserver-experimental-plugins_9.2.5+ds-0+deb12u1_arm64.deb 878987cd4167b6533dc9f054cd4b0d5a 14364 web optional trafficserver_9.2.5+ds-0+deb12u1_arm64-buildd.buildinfo 0bb9f59c42c16ea229c792a9e7299fcd 3375064 web optional trafficserver_9.2.5+ds-0+deb12u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9C4sZYDxwNo9XoUDaRWK3AIe28EFAmbJCiMACgkQaRWK3AIe 28FV3g//fglEoUkWK9cBwgqycoaciLbRAzR4Nly8Re5uBfgb8X6Leh6dm5YZFlgE 7797bjgXfyWpWYw9aGrrd2K4PcHQ2fu0zfHDl97SQNesJLTOC1VHPqgASwYIWZaY H+JAxJ9mJnkdz+WKMJB9HslPdVxSle0faDA1iapgbr1UDtM3IR9I3D9GjHzDrDgo +GoRheYya/md7KlpynP0FBawYH6zl89nu/Oe6jPEn8qsbyNFMMpN3c6KH7Z/k/md GVUmjKLMvM+AfemyZqF8qITyUBaY+TauGBhe/EG+tGJ43lhK1WArc2vR1hwH1L1z t+7oRDsojjMRORK5XJ+0AhHf53AYWBjWIkXKUNLfWk2PMaUzZbUwVCCoIUkbC4V9 4G86justAnf40X6YJbx4m/+0ShtRuE+Hj9kGOyVwhneqY6ajEFm6CqN1Qge1eGoV EbJzkowNcEZk4pCaZlkuOOZRh8V2HZzMwk9WzANLr7yK1CX8t6y6EM/lT2QU590+ nDu/oW3kOGEIlMuo3EhYRGk44XKFB54Mtt3YhJbEr2JsOxaRA8CkdwKXlPkz33Q3 rIGHu4UO0gsCADrBaDGzoO55C7rk597rAe/EZPy78YjUnVX+nIRgoXommuogQ2ur OBd5ogWUlDytj3ETtEEAX3bjHiApklIaG5t7jn5NUEQy4QbePGU= =1l2x -----END PGP SIGNATURE-----