From: Raspbian automatic forward porter <root@raspbian.org>
Date: Sat, 7 Aug 2021 00:02:59 +0000 (+0100)
Subject: Merge version 8.1.1+ds-1+rpi1 and 8.1.1+ds-1.1 to produce 8.1.1+ds-1.1+rpi1
X-Git-Tag: archive/raspbian/8.1.1+ds-1.1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f3d6617ce5d40a81d551db9388c152df9e4d8716;p=trafficserver.git

Merge version 8.1.1+ds-1+rpi1 and 8.1.1+ds-1.1 to produce 8.1.1+ds-1.1+rpi1
---

f3d6617ce5d40a81d551db9388c152df9e4d8716
diff --cc debian/changelog
index f3560147,7739c856..b92f84a3
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,19 +1,26 @@@
- trafficserver (8.1.1+ds-1+rpi1) bullseye-staging; urgency=medium
++trafficserver (8.1.1+ds-1.1+rpi1) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 8.0.1-4+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sat, 19 Jan 2019 12:42:48 +0000]
 +  * Use -latomic on raspbian too.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Sat, 12 Dec 2020 21:57:03 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Sat, 07 Aug 2021 00:02:59 +0000
++
+ trafficserver (8.1.1+ds-1.1) unstable; urgency=medium
+ 
+   * Non-maintainer upload.
+   * Address CVE-2021-27577, CVE-2021-32565, CVE-2021-32566, CVE-2021-32567 and
+     CVE-2021-35474.
+     - CVE-2021-27577: Incorrect handling of url fragment leads to cache
+       poisoning
+     - CVE-2021-32565: HTTP Request Smuggling, content length with invalid
+       charters
+     - CVE-2021-32566: Specific sequence of HTTP/2 frames can cause ATS to
+       crash
+     - CVE-2021-32567: Reading HTTP/2 frames too many times
+     - CVE-2021-35474: Dynamic stack buffer overflow in cachekey plugin
+     (Closes: #990303)
+ 
+  -- Salvatore Bonaccorso <carnil@debian.org>  Thu, 15 Jul 2021 21:48:17 +0200
  
  trafficserver (8.1.1+ds-1) unstable; urgency=medium