[Git][security-tracker-team/security-tracker][master] Reserve DLA-4055-1 for trafficserver
Daniel Leidert (@dleidert)
dleidert at debian.org
Sun Feb 16 00:59:41 GMT 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2fbb44e8 by Daniel Leidert at 2025-02-16T01:59:14+01:00
Reserve DLA-4055-1 for trafficserver
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Feb 2025] DLA-4055-1 trafficserver - security update
+ {CVE-2024-38479 CVE-2024-50306}
+ [bullseye] - trafficserver 8.1.11+ds-0+deb11u2
[16 Feb 2025] DLA-4054-1 tryton-client - update
[bullseye] - tryton-client 5.0.33-1+deb11u1
[15 Feb 2025] DLA-4053-1 freerdp2 - security update
=====================================
data/dla-needed.txt
=====================================
@@ -267,15 +267,14 @@ tcpdf (Adrian Bunk)
NOTE: 20241205: Added by Front-Desk (santiago)
NOTE: 20241230: https://lists.debian.org/debian-lts/2024/12/msg00057.html (bunk)
--
-trafficserver (dleidert)
+trafficserver
NOTE: 20241120: Added by Front-Desk (Beuc)
NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
- NOTE: 20241203: Only CVE-2024-38479 is listed as present in version 8.1.11 (dleidert)
NOTE: 20241203: Upstream announcement does not mention 8.1 for any of the 3 CVEs.
NOTE: 20241203: AFAIR upstream 8.1 support ended with the release of 10.0 (bunk)
- NOTE: 20250101: Waiting for feedback if CVE-2024-50306 affects 8.1 as well (dleidert)
- NOTE: 20250121: Still no feedback for CVE-2024-50306 (dleidert)
- NOTE: 20250210: Prepping DLA (dleidert)
+ NOTE: 20250216: DLA released fixing CVE-2024-38479 and CVE-2024-50306 (dleidert)
+ NOTE: 20250216: IMHO CVE-2024-50305 does not affect 8.x due to affected code being introduced later (dleidert)
+ NOTE: 20250216: Bookworm-PU necessary, but issues not fixed in Sid yet; contacted maintainer (dleidert)
--
twitter-bootstrap3
NOTE: 20241110: Added by Front-Desk (apo)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fbb44e8b47d6c2ab9539db085c9c4d1ab1b3adf
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fbb44e8b47d6c2ab9539db085c9c4d1ab1b3adf
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250216/db340721/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list