1505010 – Apache traffic server out of date

Bug 1505010 - Apache traffic server out of date

Summary: Apache traffic server out of date

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	trafficserver
Sub Component:
Version:	epel7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Jan-Frode Myklebust
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	non-responsive_maintainer_janfrode
Blocks:
TreeView+	depends on / blocked

Reported:	2017-10-21 01:37 UTC by Rosco
Modified:	2019-02-12 19:37 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-02-12 19:37:07 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Rosco 2017-10-21 01:37:37 UTC

Description of problem:
   - Apache traffic server included in EPEL is v 5.3.0 (2015-06-22)
   - Included version has multiple associated known DoS vulnerabilities
      - CVE-2016-5396
      - CVE-2017-5659


Version-Release number of selected component (if applicable):
   - Apache traffic server


How reproducible:
   - Install Apache Traffic Server from EPEL


Steps to Reproduce:
1. Add EPEL to repos and enable
2. yum -y install trafficserver
3.

Actual results:
   - Installs v5.3.0
   - http://mirror.overthewire.com.au/pub/epel/7/x86_64/t/trafficserver-5.3.0-1.el7.x86_64.rpm


Expected results:
   - Installs v6.x.x release (eg. 6.2.2)


Additional info:

Comment 1 Björn 'besser82' Esser 2019-02-12 19:37:07 UTC

Package has been retired [1] on epel7.


[1]  https://src.fedoraproject.org/rpms/trafficserver/c/99aa3258813f2fdd220c800acacf277949d29471?branch=epel7

Note You need to log in before you can comment on or make changes to this bug.