Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1505010 - Apache traffic server out of date
Summary: Apache traffic server out of date
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: trafficserver
Version: epel7
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Jan-Frode Myklebust
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: non-responsive_maintainer_janfrode
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-10-21 01:37 UTC by Rosco
Modified: 2019-02-12 19:37 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-02-12 19:37:07 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Rosco 2017-10-21 01:37:37 UTC 
Description of problem:
   - Apache traffic server included in EPEL is v 5.3.0 (2015-06-22)
   - Included version has multiple associated known DoS vulnerabilities
      - CVE-2016-5396
      - CVE-2017-5659


Version-Release number of selected component (if applicable):
   - Apache traffic server


How reproducible:
   - Install Apache Traffic Server from EPEL


Steps to Reproduce:
1. Add EPEL to repos and enable
2. yum -y install trafficserver
3.

Actual results:
   - Installs v5.3.0
   - http://mirror.overthewire.com.au/pub/epel/7/x86_64/t/trafficserver-5.3.0-1.el7.x86_64.rpm


Expected results:
   - Installs v6.x.x release (eg. 6.2.2)


Additional info:
Comment 1 Björn 'besser82' Esser 2019-02-12 19:37:07 UTC 
Package has been retired [1] on epel7.


[1]  https://src.fedoraproject.org/rpms/trafficserver/c/99aa3258813f2fdd220c800acacf277949d29471?branch=epel7
Note You need to log in before you can comment on or make changes to this bug.