- trafficserver (8.1.1+ds-1+rpi1) bullseye-staging; urgency=medium
++trafficserver (8.1.1+ds-1.1+rpi1) bullseye-staging; urgency=medium
+
+ [changes brought forward from 8.0.1-4+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sat, 19 Jan 2019 12:42:48 +0000]
+ * Use -latomic on raspbian too.
+
- -- Raspbian forward porter <root@raspbian.org> Sat, 12 Dec 2020 21:57:03 +0000
++ -- Raspbian forward porter <root@raspbian.org> Sat, 07 Aug 2021 00:02:59 +0000
++
+ trafficserver (8.1.1+ds-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Address CVE-2021-27577, CVE-2021-32565, CVE-2021-32566, CVE-2021-32567 and
+ CVE-2021-35474.
+ - CVE-2021-27577: Incorrect handling of url fragment leads to cache
+ poisoning
+ - CVE-2021-32565: HTTP Request Smuggling, content length with invalid
+ charters
+ - CVE-2021-32566: Specific sequence of HTTP/2 frames can cause ATS to
+ crash
+ - CVE-2021-32567: Reading HTTP/2 frames too many times
+ - CVE-2021-35474: Dynamic stack buffer overflow in cachekey plugin
+ (Closes: #990303)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Thu, 15 Jul 2021 21:48:17 +0200
trafficserver (8.1.1+ds-1) unstable; urgency=medium
projects / trafficserver.git / commitdiff