[Git][security-tracker-team/security-tracker][master] LTS: release claim on trafficserver in dla-needed.txt

Tobias Frost (@tobi) tobi at debian.org
Thu Feb 9 21:37:32 GMT 2023



Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52bcd2ca by Tobias Frost at 2023-02-09T22:37:18+01:00
LTS: release claim on trafficserver in dla-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -339,10 +339,16 @@ tmux (Utkarsh)
   NOTE: 20230129: Programming language: C.
   NOTE: 20230129: VCS: https://salsa.debian.org/lts-team/packages/tmux.git
 --
-trafficserver (tobi)
+trafficserver
    NOTE: 20230202: Programming language: C.
    NOTE: 20230202: Note recent DLA-3279-1 update. Removed notes (2d9f50586010) suggest CVE-2022-31779 may have already been investigated. (lamby)
-  NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/trafficserver.git
+   NOTE: 20230206: VCS: https://salsa.debian.org/lts-team/packages/trafficserver.git
+   NOTE: 20230209: <tobi> very difficult to identify exact patches and on top significant refactoring, especially CVE-2022-31778
+   NOTE: 20230209; CVE-2022-32749 is possibly https://github.com/apache/trafficserver/pull/9243, (see security tracker)
+   NOTE: 20230209: CVE-2022-37392 mihgt be https://github.com/apache/trafficserver/commit/3b9cbf873a77bb7f9297f2b16496a290e0cf7de1
+   NOTE: 20230209: could find informatin for CVE-2022-31779, might be the same fix as CVE-2022-31778 (marked as to be ignored), but no proof on that…
+   NOTE: 20230209: not sure, maybe the safest way would be to update to 8.1.6. </tobi>
+
 --
 xfig (gladk)
   NOTE: 20230105: Programming language: C.
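
Review bot: The added note for CVE-2022-32749 is written as "NOTE: 20230209;" with a semicolon after the date, while every other note in this hunk uses "NOTE: YYYYMMDD:" with a colon; change it to a colon so the entry stays consistent for anything that reads the date prefix. In the CVE-2022-31779 note, "could find informatin" followed by "but no proof on that" reads as if "could not find" was meant, so the wording should be confirmed and the typo fixed along with "mihgt" in the CVE-2022-37392 note. The VCS line is removed and re-added only to change its indentation from two spaces to three, and an empty line is added before the "--" separator that the neighbouring tmux entry does not have; both are whitespace-only changes that could be dropped or split out so the diff shows just the claim release and the new notes.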



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52bcd2cacb83db53dfa1f10c999d5f71c7b151bf
