Information on source package trafficserver

Available versions

ReleaseVersion
stretch (security)7.0.0-6+deb9u2
buster (security)8.0.2+ds-1+deb10u1
bullseye8.0.5+ds-2
sid8.0.5+ds-2

Open issues

BugstretchbusterbullseyesidDescription
CVE-2019-9518vulnerablefixedfixedfixedSome HTTP/2 implementations are vulnerable to a flood of empty frames, ...
CVE-2019-9515vulnerablefixedfixedfixedSome HTTP/2 implementations are vulnerable to a settings flood, potent ...
CVE-2019-9514vulnerablefixedfixedfixedSome HTTP/2 implementations are vulnerable to a reset flood, potential ...
CVE-2019-9512vulnerablefixedfixedfixedSome HTTP/2 implementations are vulnerable to ping floods, potentially ...
CVE-2019-10079vulnerablefixedfixedfixedApache Traffic Server is vulnerable to HTTP/2 setting flood attacks. E ...
CVE-2018-11783vulnerable (no DSA, postponed)fixedfixedfixedsslheaders plugin extracts information from the client certificate and ...

Resolved issues

BugDescription
CVE-2018-8040Pages that are rendered using the ESI plugin can have access to the co ...
CVE-2018-8022A carefully crafted invalid TLS handshake can cause Apache Traffic Ser ...
CVE-2018-8005When there are multiple ranges in a range request, Apache Traffic Serv ...
CVE-2018-8004There are multiple HTTP smuggling and cache poisoning issues when clie ...
CVE-2018-1318Adding method ACLs in remap.config can cause a segfault when the user ...
CVE-2017-7671There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2 ...
CVE-2017-5660There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prio ...
CVE-2017-5659Apache Traffic Server before 6.2.1 generates a coredump when there is ...
CVE-2016-5396Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Att ...
CVE-2015-5206Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...
CVE-2015-5168Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...
CVE-2015-3249The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before ...
CVE-2014-3624Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to by ...
CVE-2014-3525Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ...
CVE-2014-10022Apache Traffic Server before 5.1.2 allows remote attackers to cause a ...
CVE-2012-0256Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3. ...
CVE-2010-2952Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, d ...

Security announcements

DSA / DLADescription
DSA-4520-1trafficserver - security update
DSA-4282-1trafficserver - security update
DSA-4128-1trafficserver - security update

Search for package or bug name: Reporting problems