Your message dated Sat, 14 Dec 2013 12:49:45 +0000
with message-id <[email protected]>
and subject line Bug#728989: fixed in varnish 3.0.2-2+deb7u1
has caused the Debian Bug report #728989,
regarding varnish: CVE-2013-4484
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
728989: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728989
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: varnish
Severity: important
Tags: security upstream patch fixed-upstream
Hi,

Know you are already aware, opening bugreport to keep track of this
issue.

The following vulnerability was published for varnish.

CVE-2013-4484[0]:
| Varnish before 3.0.5 allows remote attackers to cause a denial of
| service (child-process crash and temporary caching outage) via a GET
| request with trailing whitespace characters and no URI.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

[0] http://security-tracker.debian.org/tracker/CVE-2013-4484

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: varnish
Source-Version: 3.0.2-2+deb7u1
We believe that the bug you reported is fixed in the latest version of
varnish, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stig Sandbeck Mathisen <[email protected]> (supplier of updated varnish package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 9 Dec 2013 14:55:33 CET
Source: varnish
Binary: varnish varnish-doc libvarnishapi1 libvarnishapi-dev varnish-dbg
Architecture: source amd64 all
Version: 3.0.2-2+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Varnish Package Maintainers <[email protected]>
Changed-By: Stig Sandbeck Mathisen <[email protected]>
Description:
 libvarnishapi-dev - development files for Varnish
 libvarnishapi1 - shared libraries for Varnish
 varnish    - state of the art, high-performance web accelerator
 varnish-dbg - debugging symbols for varnish
 varnish-doc - documentation for Varnish Cache
Closes: 728989
Changes:
 varnish (3.0.2-2+deb7u1) wheezy-security; urgency=high
 .
   * Import upstream security patch.
     A malformed request could in some configurations lead to Varnish
     crashing. CVE-2013-4484 (Closes: #728989)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlKly+MACgkQQONU2fom4u5bCgCglGHzwZXLC0wAV7qNTXWLBM5+
TtIAn37PZxs7Mu6OoKnFbWDGYyOt7Fqn
=vY0u
-----END PGP SIGNATURE-----
--- End Message ---