Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 58040b35 by Sylvain Beucler at 2020-05-15T11:34:03+02:00 CVE-2019-20637/varnish: jessie not-affected - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -3855,9 +3855,11 @@ CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...) - varnish 6.4.0-1 (bug #956305) + [jessie] - varnish <not-affected> (Vulnerability introduced later, PoC not leaking) NOTE: http://varnish-cache.org/security/VSV00004.html#vsv00004 NOTE: https://github.com/varnishcache/varnish-cache/commit/bd7b3d6d47ccbb5e1747126f8e2a297f38e56b8c (6.x fix) NOTE: https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734 (test case / reproducer) + NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0) NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0) CVE-2020-11646 RESERVED ===================================== data/dla-needed.txt ===================================== 
@@ -115,15 +115,6 @@ tomcat8 tzdata NOTE: 20200514: LTS update must wait on oldstable update first to prevent newer version in LTS (roberto) -- -varnish (Sylvain Beucler) - NOTE: 20200410: There was a reworking of the functions in cache_req_fsm.c - NOTE: 20200410: compared to HEAD, but a glance suggests that the underlying - NOTE: 20200410: reset of err_code and err_reason still might need doing, but - NOTE: 20200410: I don't quite understand the restart/synthetic requests. (lamby) - NOTE: 20200424: Getting diagnostic info from upstream, cf. #956305 (Beuc) - NOTE: 20200506: Not enough info so far, ping'd varnish-misc ML (Beuc) - NOTE: 20200512: Not enough info so far, ping'd security contacts (Beuc) --- xcftools (Anton Gladky) NOTE: 20200111: wrote a patch + reproducer for CVE-2019-5086, waiting for upstream review (hle) NOTE: 20200414: Flurry of activity on/around 20200401 essentially rejecting original patch
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/58040b35d3db55baa077ffe425a0b7d8d989980b
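Review bot: In the data/CVE/list hunk, the added "[jessie] - varnish <not-affected> (Vulnerability introduced later, PoC not leaking)" line gives two reasons, but only the first is backed by a NOTE (the new "Introduced in ... (5.0)" line). Nothing records what the reproducer referenced in the "(test case / reproducer)" NOTE was run against or how "not leaking" was observed. Suggest adding a NOTE that states the jessie package version tested and the observed result, so the not-affected triage can be re-checked later.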
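Review bot: In the data/dla-needed.txt hunk, the removed varnish entry carried an open question from 20200410, that the "reset of err_code and err_reason still might need doing" in cache_req_fsm.c, plus three notes about waiting on upstream information. Once the entry is deleted, nothing in the visible changes says how that question was settled. Suggest a NOTE under CVE-2019-20637 in data/CVE/list saying whether the jessie code was checked for that reset and whether upstream answered via #956305.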