- trafficserver (8.1.9+ds-1~deb11u1+rpi1) bullseye-staging; urgency=medium
++trafficserver (8.1.11+ds-0+deb11u1+rpi1) bullseye-staging; urgency=medium
+
+ [changes brought forward from 8.0.1-4+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sat, 19 Jan 2019 12:42:48 +0000]
+ * Use -latomic on raspbian too.
+
- -- Raspbian forward porter <root@raspbian.org> Thu, 09 Nov 2023 18:56:45 +0000
++ -- Raspbian forward porter <root@raspbian.org> Thu, 26 Sep 2024 20:55:22 +0000
++
+ trafficserver (8.1.11+ds-0+deb11u1) bullseye-security; urgency=medium
+
+ * New upstream release.
+ - CVE-2023-38522: Incomplete field name check allows request smuggling
+ - CVE-2024-35161: Incomplete check for chunked trailer section allows
+ request smuggling
+ - CVE-2024-35296: Invalid Accept-Encoding can force forwarding requests
+
+ -- Adrian Bunk <bunk@debian.org> Thu, 26 Sep 2024 16:41:35 +0300
+
+ trafficserver (8.1.10+ds-1~deb11u1) bullseye-security; urgency=medium
+
+ * New upstream version 8.1.10+ds
+ * CVEs fix (Closes: #1068417)
+ - CVE-2024-31309: HTTP/2 CONTINUATION DoS attack
+
+ -- Jean Baptiste Favre <debian@jbfavre.org> Sat, 13 Apr 2024 11:54:31 +0200
trafficserver (8.1.9+ds-1~deb11u1) bullseye-security; urgency=medium
projects / trafficserver.git / commitdiff