Your message dated Mon, 15 Apr 2024 21:50:27 +0000
with message-id <e1rwudb-0069fk...@fasolo.debian.org>
and subject line Bug#1068417: fixed in trafficserver 9.2.4+ds-0+deb12u1
has caused the Debian Bug report #1068417,
regarding trafficserver: CVE-2024-31309: HTTP/2 CONTINUATION frames can be 
utilized for DoS attacks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1068417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: trafficserver
Version: 9.2.3+ds-1+deb12u1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 8.1.9+ds-1~deb11u1

Hi,

The following vulnerability was published for trafficserver.

CVE-2024-31309[0].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31309
    https://www.cve.org/CVERecord?id=CVE-2024-31309
[1] https://www.kb.cert.org/vuls/id/421644
[2] https://github.com/apache/trafficserver/pull/11207
[3] https://github.com/apache/trafficserver/pull/11206

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: trafficserver
Source-Version: 9.2.4+ds-0+deb12u1
Done: Jean Baptiste Favre <deb...@jbfavre.org>

We believe that the bug you reported is fixed in the latest version of
trafficserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1068...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jean Baptiste Favre <deb...@jbfavre.org> (supplier of updated trafficserver 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 13 Apr 2024 11:21:19 +0200
Source: trafficserver
Architecture: source
Version: 9.2.4+ds-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Jean Baptiste Favre <deb...@jbfavre.org>
Changed-By: Jean Baptiste Favre <deb...@jbfavre.org>
Closes: 1068417
Changes:
 trafficserver (9.2.4+ds-0+deb12u1) bookworm-security; urgency=medium
 .
   * New upstream version 9.2.4+ds
   * Refresh d/patches for 9.2.4 release
   * CVEs fix (Closes: #1068417)
     - CVE-2024-31309: HTTP/2 CONTINUATION DoS attack

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
