From: Raspbian automatic forward porter Date: Tue, 18 Feb 2025 14:59:41 +0000 (+0000) Subject: Merge version 8.1.9+ds-1~deb11u1+rpi1 and 8.1.11+ds-0+deb11u2 to produce 8.1.11+ds... X-Git-Tag: archive/raspbian/8.1.11+ds-0+deb11u2+rpi1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=61a2818e3b3e40ef9cbfd6be9a0abbfedbc09ff4;p=trafficserver.git Merge version 8.1.9+ds-1~deb11u1+rpi1 and 8.1.11+ds-0+deb11u2 to produce 8.1.11+ds-0+deb11u2+rpi1 --- 61a2818e3b3e40ef9cbfd6be9a0abbfedbc09ff4 diff --cc debian/changelog index ec5ea51a,6104aea4..b9521145 --- a/debian/changelog +++ b/debian/changelog @@@ -1,9 -1,31 +1,38 @@@ - trafficserver (8.1.9+ds-1~deb11u1+rpi1) bullseye-staging; urgency=medium ++trafficserver (8.1.11+ds-0+deb11u2+rpi1) bullseye-staging; urgency=medium + + [changes brought forward from 8.0.1-4+rpi1 by Peter Michael Green at Sat, 19 Jan 2019 12:42:48 +0000] + * Use -latomic on raspbian too. + - -- Raspbian forward porter Thu, 09 Nov 2023 18:56:45 +0000 ++ -- Raspbian forward porter Tue, 18 Feb 2025 14:59:41 +0000 ++ + trafficserver (8.1.11+ds-0+deb11u2) bullseye-security; urgency=medium + + * Non-maintainer upload by the Debian LTS Team. + * d/patches/CVE-2024-38479.patch: Fix CVE-2024-38479 (closes: #1087531). + - Fix improper Input Validation vulnerability in Apache Traffic Server. + * d/patches/CVE-2024-50306.patch: Fix CVE-2024-50306 (closes: #1087531). + - Fix a possible problem that can allow Apache Traffic Server to retain + privileges on startup. + + -- Daniel Leidert Sat, 15 Feb 2025 23:30:52 +0100 + + trafficserver (8.1.11+ds-0+deb11u1) bullseye-security; urgency=medium + + * New upstream release. 
+ - CVE-2023-38522: Incomplete field name check allows request smuggling + - CVE-2024-35161: Incomplete check for chunked trailer section allows + request smuggling + - CVE-2024-35296: Invalid Accept-Encoding can force forwarding requests + + -- Adrian Bunk Thu, 26 Sep 2024 16:41:35 +0300 + + trafficserver (8.1.10+ds-1~deb11u1) bullseye-security; urgency=medium + + * New upstream version 8.1.10+ds + * CVEs fix (Closes: #1068417) + - CVE-2024-31309: HTTP/2 CONTINUATION DoS attack + + -- Jean Baptiste Favre Sat, 13 Apr 2024 11:54:31 +0200 trafficserver (8.1.9+ds-1~deb11u1) bullseye-security; urgency=medium
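Review bot: In the 8.1.11+ds-0+deb11u2 entry, the CVE-2024-50306 line says only "Fix a possible problem that can allow Apache Traffic Server to retain privileges on startup", which does not tell an operator what condition was fixed or what to verify after upgrading. Suggest stating the condition as far as the patch header describes it. In the same entry both patch lines cite one bug, "closes: #1087531", in lowercase, while the 8.1.10+ds-1~deb11u1 entry writes "Closes: #1068417". A single bug tracking both CVEs is fine, but the capitalisation should be consistent across entries. The new rpi1 top entry records only the carried "Use -latomic on raspbian too" change, so this changelog hunk alone cannot confirm that d/patches/CVE-2024-38479.patch and d/patches/CVE-2024-50306.patch are present in the merged tree. That is worth checking against the rest of the merge before relying on the version string as proof of the fixes.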