From: Raspbian automatic forward porter Date: Fri, 12 May 2023 07:35:44 +0000 (+0100) Subject: Merge version 8.0.2+ds-1+rpi1+deb10u7 and 8.1.6+ds-1~deb10u1 to produce 8.1.6+ds... X-Git-Tag: archive/raspbian/8.1.6+ds-1_deb10u1+rpi1^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=6c4b1d34994db9a45d36285a1db10c70286fa58e;p=trafficserver.git Merge version 8.0.2+ds-1+rpi1+deb10u7 and 8.1.6+ds-1~deb10u1 to produce 8.1.6+ds-1~deb10u1+rpi1 --- 6c4b1d34994db9a45d36285a1db10c70286fa58e diff --cc debian/changelog index 690207cb,e6e6f549..7104eed6 --- a/debian/changelog +++ b/debian/changelog @@@ -1,24 -1,45 +1,52 @@@ - trafficserver (8.0.2+ds-1+rpi1+deb10u7) buster-staging; urgency=medium ++trafficserver (8.1.6+ds-1~deb10u1+rpi1) buster-staging; urgency=medium + + [changes brought forward from 8.0.1-4+rpi1 by Peter Michael Green at Sat, 19 Jan 2019 12:42:48 +0000] + * Use -latomic on raspbian too. + - -- Raspbian forward porter Sun, 22 Jan 2023 18:24:32 +0000 ++ -- Raspbian forward porter Fri, 12 May 2023 07:35:43 +0000 + - trafficserver (8.0.2+ds-1+deb10u7) buster-security; urgency=medium + trafficserver (8.1.6+ds-1~deb10u1) buster-security; urgency=high - * Non-maintainer upload by the Debian LTS Team. - * Multiple CVE fixes + * Non-maintainer upload by the LTS team. + * Backport upstream version 8.1.6 to Buster. + * Fix CVE-2022-31778, CVE-2022-31779, CVE-2022-32749, CVE-2022-37392. + Several vulnerabilities were discovered in Apache Traffic Server, a reverse + and forward proxy server, which could result in HTTP request smuggling, + cache poisoning or information disclosure. 
+ + -- Markus Koschany Wed, 05 Apr 2023 22:24:05 +0200 + + trafficserver (8.1.6+ds-1~deb11u1) bullseye-security; urgency=high + + * Update d/u/signing-key for 8.1.x serie + * New upstream version 8.1.6+ds + * Multiple CVE fixes for 8.1.x + + CVE-2022-32749: Improper Check for Unusual or Exceptional Conditions vulnerability + + CVE-2022-37392: Improper Check for Unusual or Exceptional Conditions vulnerability + + -- Jean Baptiste Favre Wed, 04 Jan 2023 09:22:58 +0100 + + trafficserver (8.1.5+ds-1~deb11u1) bullseye-security; urgency=high + + * Update d/watch to stick to 8.1.X serie + * Update upstream gpg keys + * UPdate d/salsa-ci.yaml + * New upstream version 8.1.5+ds + * Patches refresh for 8.1.5 + * Update experimental plugins list + * Multiple CVE fixes for 8.1.x + CVE-2021-37150: Protocol vs scheme mismatch - + CVE-2022-25763 Improper input validation on HTTP/2 headers - + CVE-2022-28129 Insufficient Validation of HTTP/1.x Headers - + CVE-2022-31780 HTTP/2 framing vulnerabilities + + CVE-2022-25763: Improper input validation on HTTP/2 headers + + CVE-2022-28129: Insufficient Validation of HTTP/1.x Headers + + CVE-2022-31778: Transfer-Encoding not treated as hop-by-hop + + CVE-2022-31779: Improper HTTP/2 scheme and method validation + + CVE-2022-31780: HTTP/2 framing vulnerabilities - -- Abhijith PA Sat, 29 Oct 2022 18:03:47 +0530 + -- Jean Baptiste Favre Fri, 12 Aug 2022 09:16:08 +0200 - trafficserver (8.0.2+ds-1+deb10u6) buster-security; urgency=high + trafficserver (8.1.1+ds-1.1+deb11u1) bullseye-security; urgency=high - * Multiple CVE fixes for 8.0.x + * Multiple CVE fixes for 8.1.x + CVE-2021-37147: Improper input validation vulnerability + CVE-2021-37148: Improper input validation vulnerability + CVE-2021-37149: Improper Input Validation vulnerability
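Review bot: the new top stanza `trafficserver (8.1.6+ds-1~deb10u1+rpi1) buster-staging; urgency=medium` is marked urgency=medium, while the Debian upload it is merged from, `trafficserver (8.1.6+ds-1~deb10u1) buster-security; urgency=high`, is urgency=high and fixes CVE-2022-31778, CVE-2022-31779, CVE-2022-32749 and CVE-2022-37392 (HTTP request smuggling, cache poisoning or information disclosure). Suggest carrying urgency=high into the forward-ported stanza so the Raspbian upload is prioritised the same way as the security upload it is built from. The stanza's only change item is `* Use -latomic on raspbian too.`; a one-line mention that it brings forward the 8.1.6 security backport would let someone reading only the top entry see that this upload moves buster-staging from 8.0.2 to 8.1.6.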