Source: trafficserver Version: 9.2.5+ds-1 Severity: grave Tags: upstream security X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 9.2.5+ds-0+deb12u1
Hi, The following vulnerability was published for trafficserver. CVE-2024-53868[0]: | Apache Traffic Server allows request smuggling if chunked messages | are malformed. This issue affects Apache Traffic Server: from | 9.2.0 through 9.2.9, from 10.0.0 through 10.0.4. Users are | recommended to upgrade to version 9.2.10 or 10.0.5, which fixes the | issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-53868 https://www.cve.org/CVERecord?id=CVE-2024-53868 [1] https://www.openwall.com/lists/oss-security/2025/04/02/4 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
