Your message dated Wed, 29 Nov 2017 21:10:32 +0000
with message-id <[email protected]>
and subject line Bug#881808: fixed in varnish 5.2.1-1
has caused the Debian Bug report #881808,
regarding varnish: CVE-2017-8807: Data leak - '-sfile' Stevedore transient
objects
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
881808: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881808
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: varnish
Version: 5.0.0-1
Severity: serious
Tags: patch security upstream fixed-upstream
Forwarded: https://github.com/varnishcache/varnish-cache/pull/2429
Control: fixed -1 5.0.0-7+deb9u2
Hi,
the following vulnerability was published for varnish.
CVE-2017-8807[0]:
Data leak - '-sfile' Stevedore transient objects
The fix for stretch-security has already been preared and will be
released shortly, already marking the version as fixed accordingly
since prepared before.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807
[1] https://github.com/varnishcache/varnish-cache/pull/2429
[2] https://varnish-cache.org/security/VSV00002.html
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: varnish
Source-Version: 5.2.1-1
We believe that the bug you reported is fixed in the latest version of
varnish, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Stig Sandbeck Mathisen <[email protected]> (supplier of updated varnish package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 29 Nov 2017 20:48:23 +0100
Source: varnish
Binary: varnish varnish-doc libvarnishapi1 libvarnishapi-dev
Architecture: source
Version: 5.2.1-1
Distribution: unstable
Urgency: medium
Maintainer: Varnish Package Maintainers
<[email protected]>
Changed-By: Stig Sandbeck Mathisen <[email protected]>
Description:
libvarnishapi-dev - development files for Varnish
libvarnishapi1 - shared libraries for Varnish
varnish - state of the art, high-performance web accelerator
varnish-doc - documentation for Varnish Cache
Closes: 881808
Changes:
varnish (5.2.1-1) unstable; urgency=medium
.
* Imported upstream release 5.2.1 (closes: #881808, CVE-2017-8807)
* Refresh varnishreload from upstream packaging repo
Checksums-Sha1:
2ac43bfd69ba771dcaf647152b051ff965ee97cd 2476 varnish_5.2.1-1.dsc
d4ca40d4faf984ec708b77ef3d01a63c23e41802 2827676 varnish_5.2.1.orig.tar.gz
be5ed5ef44b9ce90137ffbacb3b86b0a5380226e 21644 varnish_5.2.1-1.debian.tar.xz
4c0416f6756f2d8712817256bb56baad13006467 8940 varnish_5.2.1-1_amd64.buildinfo
Checksums-Sha256:
3aba77c7f65e6fc9daa3386e09853f41dcba30ed0d29ed5a780c1c7797ea74c3 2476
varnish_5.2.1-1.dsc
b8452c9d78c16f78c8cfd1c1a1e696523bf64b7721c330150dcc0852459014b3 2827676
varnish_5.2.1.orig.tar.gz
1e87eef1c54cbc8b331c5b2d85ce2b843ba04ed8972520360f12ba63c300bfa6 21644
varnish_5.2.1-1.debian.tar.xz
525a1f7f32bdfca12f4c1fee91b22c9bece362fe457b44bb64af9c63e7b36e53 8940
varnish_5.2.1-1_amd64.buildinfo
Files:
56adb9f3311c393fd393cad1cd2d03a7 2476 web optional varnish_5.2.1-1.dsc
39e3014b36cc599c7e4951aac84bb18e 2827676 web optional varnish_5.2.1.orig.tar.gz
fafeb0f191a84b3ead3bc85ef722f93c 21644 web optional
varnish_5.2.1-1.debian.tar.xz
6b8f46866c49df2d01ba42915a093083 8940 web optional
varnish_5.2.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEeZ5n7uInSAMeBaLcfbqVjBwFVTgFAlofEsMACgkQfbqVjBwF
VTheTxAAwE8uOMKKJtYGXzaSbomeoafS0mM+Q/Wp7NAWqRoCC4XsG90WCZB3r1f9
9z0xUjJrYMvIbPqi8hW2jZVRl08y+c9l4p/QqVyrcWn+GnF8gOk7606Qze1ZCIy+
Az0Qnda56QBdHfftf9UW0M5IuJCHGWN1VT6e7ARnzWFCZVykCJkwlH4GhONJEzBa
39lTqAHmrGd1pHA/upOBYXxhTXmyEI7MGzCAxdtHGy+KSoXP+5ocLUWBFLc/CYf2
5pPe40nIOb+8OgoQK3ZVawR5o0nfBHx39oHFInzbBuiE+7Hj4E5cF//Gz+KkBUnY
Rs9+RNiCrpyGb8XXLYwhAavHgmEpo6bEz50O34F+hkeU45/u5pLR00LIcwoXyrTD
4fPdQY2YcRpYEor0nTFNZ+viSB5KrAqAmgEST+SPydRDFD1b1LbadXz8mBD3MjWE
Jf4eowftmQlfEUaDtoHKxPmkBLv6mVsqXQYz+YxOYv8XHM2LjUJ3aesVzZvxkrfe
TZBRgDDEZ+atj5fz4McW0twPw1mLFrSJFK6Ptel3xbjqlN0Z3V7LH8TFosUdDy82
zShO+2YOPwp8A489gEk6crA+BerPDeT4AqeJ29j0Gg7S267GaHtcwkaGBTBszjDD
5tO18uTI7FwXi8RgIxF4daCvyPCFtSN8tVmAts4zykki1Qq+/uw=
=x+1X
-----END PGP SIGNATURE-----
--- End Message ---
