-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5948-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 24, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : trafficserver CVE ID : CVE-2024-53868 CVE-2025-31698 CVE-2025-49763 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, HTTP request smuggling or incorrect processing of ACLs. For the stable distribution (bookworm), these problems have been fixed in version 9.2.5+ds-0+deb12u3. We recommend that you upgrade your trafficserver packages. For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmha/ucACgkQEMKTtsN8 TjZgjA//U2U6tgvCsre/jnFIxW7jXFPlCRntukZwysvB5cu4VGd6InHg6hluizmu 1OOy5NTzXtFCHuCBRz91THS+Zl/mvejAVh+P+Iy1MSXCuI3bzr4iDFLv7dzHePJz uiExjSk0/1nhxkfy8q5blZr+vTF8Pk/e4uSIImvViVajM0c69Bpyg7FvpIWfJYdH EKlbg//mCBj5t449mn+k4gStbKUDhr/RN5zobiiRFm8haeWDM+cEy7YvjjHee47G amZmyb24GN+UaW5NFlv4xKCY8HANc8S8pIz1ov2IQ9EExIEP4xWOtnEO9IQrM4o1 0WUR/JO6jn6NKq1DkADvIjMhwceVCkbTYvUdnWOM2wnmkx56fDOl8kyXoBm4jXV6 9npQajgpCk7EwknFiMa36Ruw3qybiRIQWUCU7O7YzZJiy88JIvqPrFge5nj6XTdk dXgRkJ2KiGWOfd1GOjbZuIocqGzqrewbRMrXuoZJDDE1EulTKW25ClaVrWS9huUK luPRsmet6/XYLCaJy/U/slbxd26puX4eq24UdoYzAcXAJzpAV8vM3QwsdKVTioj/ paXsEpnztWk8pOmU+A3xtr7WmXW+qzWnIoCDPIMybo4Voh+3A4D6qVxBP3TzTyqx owJcwbAlOD2mx82QV+SiwU6PmBL9WeZqFEStwiBAReSrourwxyA= =jMkz -----END PGP SIGNATURE-----