• Bug#1099691: trafficserver: CVE-2024-38311 CVE-2024-56195 CVE-2024-5620

    From Salvatore Bonaccorso@21:1/5 to All on Thu Mar 6 21:10:01 2025
    Source: trafficserver
    Version: 9.2.5+ds-1
    Severity: grave
    Tags: security upstream
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi,

    The following vulnerabilities were published for trafficserver.

    CVE-2024-38311[0]:
    | Improper Input Validation vulnerability in Apache Traffic Server.
    | This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11,
    | from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are
    | recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the
    | issue.


    CVE-2024-56195[1]:
    | Improper Access Control vulnerability in Apache Traffic Server.
    | This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8,
    | from 10.0.0 through 10.0.3. Users are recommended to upgrade to
    | version 9.2.9 or 10.0.4, which fixes the issue.


    CVE-2024-56202[2]:
    | Expected Behavior Violation vulnerability in Apache Traffic Server.
    | This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8,
    | from 10.0.0 through 10.0.3. Users are recommended to upgrade to
    | versions 9.2.9 or 10.0.4 or newer, which fixes the issue.


    If you fix the vulnerabilities please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2024-38311
    https://www.cve.org/CVERecord?id=CVE-2024-38311
    [1] https://security-tracker.debian.org/tracker/CVE-2024-56195
    https://www.cve.org/CVERecord?id=CVE-2024-56195
    [2] https://security-tracker.debian.org/tracker/CVE-2024-56202
    https://www.cve.org/CVERecord?id=CVE-2024-56202

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore
