Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package varnish for openSUSE:Factory checked in at 2022-11-10 14:22:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/varnish (Old) and /work/SRC/openSUSE:Factory/.varnish.new.1597 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "varnish" Thu Nov 10 14:22:54 2022 rev:42 rq:1034895 version:7.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/varnish/varnish.changes 2022-11-01 13:43:15.536116549 +0100 +++ /work/SRC/openSUSE:Factory/.varnish.new.1597/varnish.changes 2022-11-10 14:23:31.602771542 +0100 @@ -1,0 +2,12 @@ +Wed Nov 9 17:16:51 UTC 2022 - Jan Engelhardt <jeng...@inai.de> + +- Update to release 7.2.1 + * Attempts to mark well-known headers like Content-Length and + Host hop-by-hop through a Connection-header will now cause a + 400 "Bad request" response. + (VSV00010, CVE-2022-45059, boo#1205243) + * Apply the same character set rules to HTTP/2 pseudo-headers + as is done on the corresponding HTTP/1 request-line field + parsing. (VSV00011, CVE-2022-45060, boo#1205242) + +------------------------------------------------------------------- Old: ---- varnish-7.2.0.tgz New: ---- varnish-7.2.1.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ varnish.spec ++++++ --- /var/tmp/diff_new_pack.AhxcpC/_old 2022-11-10 14:23:32.266775300 +0100 +++ /var/tmp/diff_new_pack.AhxcpC/_new 2022-11-10 14:23:32.270775323 +0100 @@ -25,7 +25,7 @@ %define _fillupdir %_localstatedir/adm/fillup-templates %endif Name: varnish -Version: 7.2.0 +Version: 7.2.1 Release: 0 Summary: Accelerator for HTTP services License: BSD-2-Clause ++++++ varnish-7.2.0.tgz -> varnish-7.2.1.tgz ++++++ ++++ 6947 lines of diff (skipped)
