Bug#1004433: Patches for CVE-2022-23959

2022-03-03 Thread Florian Weimer
* Salvatore Bonaccorso:
> Thanks a lot for your testing, this is very much appreciated!
>
> Florian, should we go ahead with the DSA release?

We should; I'll look into it this evening. Thanks for all the testing!

Bug#1004433: Patches for CVE-2022-23959

2022-03-02 Thread Salvatore Bonaccorso
Hi Andreas,

On Mon, Feb 28, 2022 at 09:03:44AM +0100, Andreas Unterkircher wrote:
> > I'd appreciate it if you could test bullseye as well. Thanks!
>
> Have updated a server with Buster (on which I've tested Varnish
> v6.1.1-1+deb10u3 before) to Bullseye and upgraded Varnish to
> 6.5.1-1+deb11u2.
>

Bug#1004433: Patches for CVE-2022-23959

2022-02-28 Thread Andreas Unterkircher
> I'd appreciate it if you could test bullseye as well. Thanks!

Have updated a server with Buster (on which I've tested Varnish v6.1.1-1+deb10u3 before) to Bullseye and upgraded Varnish to 6.5.1-1+deb11u2. The results are pretty much the same as with Buster. The hosted pages work correctly with

Bug#1004433: Patches for CVE-2022-23959

2022-02-25 Thread Florian Weimer
* Andreas Unterkircher:
> Hello Salvatore!
>
>> Unofficial and amd64-only builds (including the source in case you
>> want to build it on your own) are at:
>>
>> https://people.debian.org/~carnil/tmp/varnish/
>
> I've installed v6.1.1 packages on several of our Buster servers.
> Apparently all

Bug#1004433: Patches for CVE-2022-23959

2022-02-25 Thread Andreas Unterkircher
Hello Salvatore!

> Unofficial and amd64-only builds (including the source in case you want to build it on your own) are at:
>
> https://people.debian.org/~carnil/tmp/varnish/

I've installed v6.1.1 packages on several of our Buster servers. Apparently all the websites and portals hosted there are

Bug#1004433: Patches for CVE-2022-23959

2022-02-25 Thread Salvatore Bonaccorso
Hi Andreas,

Sorry for the delay, busy yesterday.

On Wed, Feb 23, 2022 at 11:23:38AM +0100, Andreas Unterkircher wrote:
> Hello Salvatore!
>
> > Those updates were already prepared by Florian Weimer, but we need
> > someone using it to actually test the updates as it includes other CVE
> > fixes

Bug#1004433: Patches for CVE-2022-23959

2022-02-23 Thread Andreas Unterkircher
Hello Salvatore!

> Those updates were already prepared by Florian Weimer, but we need someone using it to actually test the updates as it includes other CVE fixes (namely CVE-2021-36740). If you are interested in testing (yet unofficial) debs, let us know, this might speed up the DSA release a bit

Bug#1004433: Patches for CVE-2022-23959

2022-02-23 Thread Salvatore Bonaccorso
Hi,

On Wed, Feb 23, 2022 at 09:40:39AM +0100, Andreas Unterkircher wrote:
> I know we (or most of us) are volunteers working on Debian. But I have to
> admit I'm a bit worried that we haven't patched this critical
> cache-poisoning vulnerability in Varnish for one month (except in Debian
>

Bug#1004433: Patches for CVE-2022-23959

2022-02-23 Thread Andreas Unterkircher
I know we (or most of us) are volunteers working on Debian. But I have to admit I'm a bit worried that we haven't patched this critical cache-poisoning vulnerability in Varnish for one month (except in Debian Stretch LTS).

Attached are patches containing the fixes for CVE-2022-23959. For Debian