From: Raspbian automatic forward porter <root@raspbian.org>
Date: Thu, 9 Nov 2023 18:56:45 +0000 (+0000)
Subject: Merge version 8.1.7+ds-1~deb11u1+rpi1 and 8.1.9+ds-1~deb11u1 to produce 8.1.9+ds... 
X-Git-Tag: archive/raspbian/8.1.9+ds-1_deb11u1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1a0d36456849624ad4161b4741805cd64a27212f;p=trafficserver.git

Merge version 8.1.7+ds-1~deb11u1+rpi1 and 8.1.9+ds-1~deb11u1 to produce 8.1.9+ds-1~deb11u1+rpi1
---

1a0d36456849624ad4161b4741805cd64a27212f
diff --cc debian/changelog
index df88f2ea,fe3a8b01..ec5ea51a
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,15 +1,22 @@@
- trafficserver (8.1.7+ds-1~deb11u1+rpi1) bullseye-staging; urgency=medium
++trafficserver (8.1.9+ds-1~deb11u1+rpi1) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 8.0.1-4+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sat, 19 Jan 2019 12:42:48 +0000]
 +  * Use -latomic on raspbian too.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 28 Jul 2023 10:38:58 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 09 Nov 2023 18:56:45 +0000
++
+ trafficserver (8.1.9+ds-1~deb11u1) bullseye-security; urgency=medium
+ 
+   * New upstream version 8.1.9+ds
+   * Update d/patches for 8.1.9+ds-1~deb11u1 release
+   * Update d/trafficserver-experimental-plugins.install
+   * Multiple CVE fixes for 8.1.x (Closes: #1054427, Closes: #1053801)
+     - CVE-2022-47185: Improper input validation vulnerability
+     - CVE-2023-33934: Improper Input Validation vulnerability
+     - CVE-2023-41752: Exposure of Sensitive Information to an Unauthorized Actor
+     - CVE-2023-44487: The HTTP/2 protocol allows a denial of service
+ 
+  -- Jean Baptiste Favre <debian@jbfavre.org>  Thu, 02 Nov 2023 17:00:26 +0100
  
  trafficserver (8.1.7+ds-1~deb11u1) bullseye-security; urgency=high