[Git][security-tracker-team/security-tracker][master] new ATS issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Nov 14 07:57:35 GMT 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
58e3068f by Moritz Muehlenhoff at 2024-11-14T08:57:11+01:00
new ATS issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,20 @@
+CVE-2024-50306 [ATS: Server process can fail to drop privileges]
+	- trafficserver <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
+	NOTE: https://github.com/apache/trafficserver/pull/11855
+	NOTE: https://github.com/apache/trafficserver/commit/27f504883547502b1f5e4e389edd7f26e3ab246f (9.2.6-rc0)
+	NOTE: https://github.com/apache/trafficserver/commit/ae638096e259121d92d46a9f57026a5ff5bc328b (master)
+CVE-2024-38479 [ATS: Cache key plugin is vulnerable to cache poisoning attack]
+	- trafficserver <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
+	NOTE: https://github.com/apache/trafficserver/pull/11856
+	NOTE: https://github.com/apache/trafficserver/commit/b8861231702ac5df7d5de401e82440c1cf20b633 (9.2.6-rc0)
+CVE-2024-50305 [ATS: Valid Host field value can cause crashes]
+	- trafficserver <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
+	NOTE: https://github.com/apache/trafficserver/issues/8461
+	NOTE: https://github.com/apache/trafficserver/commit/5e39658f7c0bc91613468c9513ba22ede1739d7e (9.2.6-rc0)
+	NOTE: https://github.com/apache/trafficserver/commit/055ca11c2842a64bf7df8d547515670e1a04afc1 (master)
 CVE-2024-52554
 	NOT-FOR-US: Jenkins plugin
 CVE-2024-52553


=====================================
data/dsa-needed.txt
=====================================
@@ -37,6 +37,8 @@ smarty3
 --
 smarty4
 --
+trafficserver
+--
 wordpress
 --
 xen



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58e3068f39ad9b1394da199015918813c7655603

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58e3068f39ad9b1394da199015918813c7655603
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241114/61a803b5/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list