[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-22 Thread Launchpad Bug Tracker
This bug was fixed in the package varnish - 4.1.1-1ubuntu0.2 --- varnish (4.1.1-1ubuntu0.2) xenial-security; urgency=medium * SECURITY UPDATE: Correctly handle bogusly large chunk sizes (LP: #1708354) - 4.1-Correctly-handle-bogusly-large-chunk-sizes.patch -

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-22 Thread Launchpad Bug Tracker
This bug was fixed in the package varnish - 5.0.0-7ubuntu0.1 --- varnish (5.0.0-7ubuntu0.1) zesty-security; urgency=medium * SECURITY UPDATE: Correctly handle bogusly large chunk sizes (LP: #1708354) - 5.0-Correctly-handle-bogusly-large-chunk-sizes.patch - CVE-2017-12425

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-22 Thread Marc Deslauriers
ACK on the debdiff in comment #10. I uploaded it with the revision number bumped and with the second patch added to the changelog. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1708354 Title:

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-21 Thread Simon Quigley
** Changed in: varnish (Ubuntu Zesty) Status: In Progress => Fix Committed

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-11 Thread Steve Beattie
** Changed in: varnish (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: varnish (Ubuntu Zesty) Importance: Undecided => Medium

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-11 Thread Simon Quigley
09:46:28 PM < sarnold> tsimonq2: I'm sorry to bug you about it immediately, but could you split that out into a second patch in the debdiff? that'll make it easier to revert one or the other if the need should arise in the future
09:47:00 PM < sarnold> if they were squashed from upstream, that'd

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-11 Thread Simon Quigley
Hey Marc, thanks for the tip! Attached is an updated Xenial debdiff for you. Thanks! ** Patch added: "2-4.1.1-1ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1708354/+attachment/4930992/+files/2-4.1.1-1ubuntu0.1.debdiff

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-11 Thread Marc Deslauriers
Hi Simon, The xenial i386 package failed to build in the PPA. I suspect you need to add the following patch: https://github.com/varnishcache/varnish-cache/commit/54b5a09f00c027da280361b30d32a4ff309ba3ab See the upstream bug: https://github.com/varnishcache/varnish-cache/issues/1875 Could you

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-10 Thread Poil
No need to patch 3.x; the code is not exposed. Best regards

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-09 Thread Seth Arnold
Packages are building in the security-proposed ppa https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages -- please test. Local builds showed some symbols being removed, which I don't understand: ./usr/lib/x86_64-linux-gnu/libvarnishapi.so.1.0.4: -__isnan U

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-07 Thread Simon Quigley
Attached is a debdiff for Xenial applicable to 4.1.1-1. ** Patch added: "1-4.1.1-1ubuntu0.1.debdiff" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1708354/+attachment/4928514/+files/1-4.1.1-1ubuntu0.1.debdiff

[Bug 1708354] Re: [CVE] Correctly handle bogusly large chunk sizes

2017-08-07 Thread Simon Quigley
Attached is a debdiff for Zesty applicable to 5.0.0-7. ** Summary changed: - VSV1 DoS vulnerability + [CVE] Correctly handle bogusly large chunk sizes ** Patch added: "1-5.0.0-7ubuntu0.1.debdiff"