[Git][security-tracker-team/security-tracker][master] new ATS issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ef364a81 by Moritz Muehlenhoff at 2025-06-18T12:59:38+02:00
new ATS issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2025-31698 [ATS: Client IP address from PROXY protocol is not used for ACL]
+	- trafficserver <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/7
+	NOTE: https://github.com/apache/trafficserver/commit/ce942e0acacd5cc9f38bd07565a1dfc5ffed0e33 (9.2.11-rc0)
+	NOTE: https://github.com/apache/trafficserver/commit/91a654dfa4de0c48aa222b87bfb909f9f21b03e0 (master)
+CVE-2025-49763 [ATS: Remote DoS via memory exhaustion in ESI Plugin]
+	- trafficserver <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/7
+	NOTE: https://github.com/apache/trafficserver/commit/2db8b8dc96e57fc292850f77b9783630cc9590b9 (9.2.11-rc0)
+	NOTE: https://github.com/apache/trafficserver/commit/7f178de7de19498c1c320ea9b62c2f32355f3893 (master)
 CVE-2025-51381 (An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and  ...)
 	NOT-FOR-US: KCM3100
 CVE-2025-50202 (Lychee is a free photo-management tool. In versions starting from 6.6. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef364a8129648dfbf7639b6711a7fd8ef1f39651

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef364a8129648dfbf7639b6711a7fd8ef1f39651
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250618/1b70e33a/attachment.htm>