[SECURITY] [DSA 5435-2] trafficserver security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5435-2] trafficserver security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 22 Jun 2023 18:03:01 +0000
Message-id: <[🔎] ZJSM1fby7yJjQr02@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5435-2                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 22, 2023                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : trafficserver
CVE ID         : CVE-2022-47184 CVE-2023-30631 CVE-2023-33933
Debian Bug     : 1038248

Several vulnerabilities were discovered in Apache Traffic Server, a
reverse and forward proxy server, which could result in information
disclosure or denial of service.

For the stable distribution (bookworm), these problems have been fixed in
version 9.2.0+ds-2+deb12u1. This is a no change rebuild of the update
from DSA-5435-1 with a corrected version number.

We recommend that you upgrade your trafficserver packages.

For the detailed security status of trafficserver please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/trafficserver

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSUjFIACgkQEMKTtsN8
TjZ6Gw/8Ctomm+O4LFVSFL9LYqZs+9OzgKfPuufd4Py5Uv6v9U2pfAChExie8yRc
alUMBU0oM4u4VMH47w/lLK0H5wAoZgBSnbv8IcT9MSAUQRCXkntDe96WQr+dPqqz
CsEQ1NMy7KEEgql9RmgWZT7e9/X7PWDXQonlNRlKaQ50nsspQnF0StllXJpldfhc
xbs5dhVdWbhgTQFTACM1li4vWg/yXs3GiwXle8gyCZCzk2rV/4F+LcBWghn0Tkci
CksG3Nk8LW5ySgkWBy6vhpLvVLxvc4yoJW2CJelcxZ0b/7VbiqVAy+i9sP1DtAWa
EUUxcU2vRTBmyMYXNQBF4t2mLe7ZbqtbZjsxfhTApzGCSjNc/wCyAcTMDL1sHA5d
2MduoF9afAJAuMEz1LHtdqNbZyqubx5GhNIlnvI20uUZAZtHPrzaL1JearET0JGg
mkj+HQM8tw4s6B2eGeYgV7Enh+2nyVUrmuVtL36dOmrNKpENCLXGElGw0/aMUwLZ
O6bUARH4a9JcLK0FcFjwzeiJzQOk4SX3r0r1rnYhD2DWJzToVMkvj/MezDCnBTiE
shrOqnJJhsU3o9gkNPFwbzh06oOUKbd7F4h8Hk6IuWJL+Shj+t2kopBW/9p0ToAQ
Ch/caXXHKV9w5BtqJljRFlG+s71yHELqDAN5ZLfVOg/1TYtaTFE=
=URci
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5437-1] hsqldb security update
Next by Date: [SECURITY] [DSA 5438-1] asterisk security update
Previous by thread: [SECURITY] [DSA 5437-1] hsqldb security update
Next by thread: [SECURITY] [DSA 5438-1] asterisk security update
Index(es):
- Date
- Thread