• Bug#1101996: trafficserver: CVE-2024-53868: request smuggling via chunk

    From Salvatore Bonaccorso@21:1/5 to All on Thu Apr 3 21:00:01 2025

  • From Debian Bug Tracking System@21:1/5 to All on Thu Jun 26 18:10:01 2025
    Your message dated Thu, 26 Jun 2025 16:03:16 +0000
    with message-id <E1uUp4G-002YKo-Dj@fasolo.debian.org>
    and subject line Bug#1101996: fixed in trafficserver 9.2.5+ds-0+deb12u3
    has caused the Debian Bug report #1101996,
    regarding trafficserver: CVE-2024-53868: request smuggling via chunked messages to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1101996: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101996
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems
