Your message dated Mon, 15 Apr 2024 21:50:27 +0000 with message-id <e1rwudb-0069fk...@fasolo.debian.org> and subject line Bug#1068417: fixed in trafficserver 9.2.4+ds-0+deb12u1 has caused the Debian Bug report #1068417, regarding trafficserver: CVE-2024-31309: HTTP/2 CONTINUATION frames can be utilized for DoS attacks to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1068417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068417 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: trafficserver Version: 9.2.3+ds-1+deb12u1 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 8.1.9+ds-1~deb11u1 Hi, The following vulnerability was published for trafficserver. CVE-2024-31309[0]. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-31309 https://www.cve.org/CVERecord?id=CVE-2024-31309 [1] https://www.kb.cert.org/vuls/id/421644 [2] https://github.com/apache/trafficserver/pull/11207 [3] https://github.com/apache/trafficserver/pull/11206 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: trafficserver Source-Version: 9.2.4+ds-0+deb12u1 Done: Jean Baptiste Favre <deb...@jbfavre.org> We believe that the bug you reported is fixed in the latest version of trafficserver, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1068...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jean Baptiste Favre <deb...@jbfavre.org> (supplier of updated trafficserver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 13 Apr 2024 11:21:19 +0200 Source: trafficserver Architecture: source Version: 9.2.4+ds-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Jean Baptiste Favre <deb...@jbfavre.org> Changed-By: Jean Baptiste Favre <deb...@jbfavre.org> Closes: 1068417 Changes: trafficserver (9.2.4+ds-0+deb12u1) bookworm-security; urgency=medium . * New upstream version 9.2.4+ds * Refresh d/patches for 9.2.4 release * CVEs fix (Closes: #1068417) - CVE-2024-31309: HTTP/2 CONTINUATION DoS attack Checksums-Sha1: 6e5ee8e9dcb447167fc51f205fc7aa4079d8bf9c 3024 trafficserver_9.2.4+ds-0+deb12u1.dsc cd8b0489c081639feab09a8b6b2ee35187bc9237 8946216 trafficserver_9.2.4+ds.orig.tar.xz 07bb1879ce7bd25836ffa6e9f9bd69c1da79434b 35920 trafficserver_9.2.4+ds-0+deb12u1.debian.tar.xz 30a5558923240e4cbf8b0e5e5963df0d018f3605 12785 trafficserver_9.2.4+ds-0+deb12u1_source.buildinfo Checksums-Sha256: da6bc838544fb3a59f812a46dcfd3c88c9124c07591d287c9bd033e808c05bd5 3024 trafficserver_9.2.4+ds-0+deb12u1.dsc 9eb6089cfb91d07eb2b44d26c6f37ed1071fd1eb19113e6870afeefdc801cda7 8946216 trafficserver_9.2.4+ds.orig.tar.xz ea1321713b68ae05f04256ecdd35e48e653f9415b4f073202b8e55fff42154f8 35920 trafficserver_9.2.4+ds-0+deb12u1.debian.tar.xz f1e816ed062ca2d7c8907175270af614034dca1e40b4ac6db9d943804e131911 12785 trafficserver_9.2.4+ds-0+deb12u1_source.buildinfo Files: 15e0de4e8662bc8879a922e803e8d77b 3024 web optional trafficserver_9.2.4+ds-0+deb12u1.dsc 0e061f5cdca01522220fb748ae34e6fb 8946216 web optional trafficserver_9.2.4+ds.orig.tar.xz 83f96627c72a08dbc595e9bb1dc44db5 35920 web optional trafficserver_9.2.4+ds-0+deb12u1.debian.tar.xz a0a8f048d8e97ec67ab2ef40c384adbc 12785 web optional trafficserver_9.2.4+ds-0+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEToRbojDLTUSJBphHtN1Tas99hzcFAmYaVIZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDRF ODQ1QkEyMzBDQjRENDQ4OTA2OTg0N0I0REQ1MzZBQ0Y3RDg3MzcACgkQtN1Tas99 hze/vA//aaLprYJOSyqBGa7LIM2IUd+2hIbdiRWTN/6kHIzSngLbUF+I37bEgZcz aFT4GrqXioBSwYyMrj2WipZR/tKDJbJpo+glzOqwLmCqFyNWe+TtEZ0pUfnd1gEW m9r6XlftZXZ8yU9LeCtQQ5N9Z/KR1iYTrSKrq2ryq7yey2HdNfq4sYsgZoQ/yplv D4iRfc2HvrAq3X3w5Ai9LlpXtavXuy9+17c8MgOXU9ZzQpmYZHDyXwS5yOcVqtUe oO5lkjK6kZ8gD8DlXmz4wJpKgJ2mHyWdgvSMX6mn5VzGS40qIOxng025E5rvGDfw y7fkJPhq1Yq6p3WEtV8ZWZ4xgdSJpx3ZzEuBKJakucBCTmRIHrpGPK5rVfsbZDId x+x+vQvsoBl00wvh5j+aecDXfnBkfR+P0xytD4+tgJ+qI3J4UHsMB948bV1aOXmc ONsP0RD97mQyJ+hEfV4ewVBnQ69T6MEOmKLfVcv9tpGzQO51SRaIVhIQbOqybeCC ojxBuzrFbtfhlwAMyUZnTRWjnulETA3SpEQdekBOP85GSuinRvoj6k2Ukjpo+q53 k/VX0Ux6pWM91OQSOmICB2lrzCD6ZNFFFC2GSx8eBr3h5qscjjmT59XrmZ3AJr6w F7uwGrwnv9gKIEhOug5u5bvNf1KR3ZXaGmYv77ihAiuCCx7O6Jo= =FLQO -----END PGP SIGNATURE-----pgpBMLGpByX44.pgp
Description: PGP signature
--- End Message ---