Hello Luis, did you manage to test the bionic package?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971504
Title:
Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
To manage
** Also affects: varnish (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: varnish (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: varnish (Ubuntu Impish)
Importance: Undecided
Status: New
** Also affects: varnish (Ubuntu Bionic)
Hi Luis,
I just uploaded your bionic debdiff to the security team PPA, with
similar changelog changes as the other releases.
Could you please test it? Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I have run the upstream test suite on Focal and Impish as follows:
$ git clone https://github.com/varnishcache/varnish-cache.git
$ git checkout varnish-$UPSTREAM_VERSION
$ cd bin/varnishtest
$ for i in tests/*; do if [ "$i" != tests/README ]; then varnishtest "$i"; fi;
done
In Focal all tests
Paulo Flabiano Smorigo, please upload a patched version for Bionic to
the Ubuntu Security Proposed PPA.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971504
Title:
Multiple vulnerabilities in
Hello Luís, thanks for the debdiffs. I've changed the changelog a little
bit in order to follow the security format and fit the patches into the
DEP-3 guidelines (some of them were missing some header elements). I
uploaded the packages into our security-proposed ppa and, if possible,
please test
I have only tested that each patch compiles on a Ubuntu VM with the
corresponding release and tried to test that the patched version in
Bionic is not affected by CVE-2019-20637 but failed:
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/comments/1
--
You received this bug
Corrected patch for Jammy.
** Patch removed: "Patch for Jammy"
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586785/+files/varnish_jammy.debdiff
** Patch added: "Patch for Jammy"
** Changed in: varnish (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971504
Title:
Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
To
** Bug watch added: Debian Bug tracker #1010582
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010582
** Also affects: varnish (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010582
Importance: Unknown
Status: Unknown
--
You received this bug notification
Hello Luís, thanks; I just glanced at the debdiffs quickly, and noticed
this one appears to missing the quilt series changes:
+varnish (6.6.1-1ubuntu0.1) jammy-security; urgency=medium
Please also report back how you've tested the patches.
Thanks
--
You received this bug notification because
** Changed in: varnish (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1971504
Title:
Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and
** Patch added: "Patch for Jammy"
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586785/+files/varnish_jammy.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "Patch for Impish"
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586784/+files/varnish_impish.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch removed: "Patch for Focal"
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586782/+files/varnish_focal.debdiff
** Patch added: "Patch for Focal"
** Patch added: "Patch for Focal"
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586782/+files/varnish_focal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Patch added: "Patch for Focal"
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586775/+files/varnish_focal.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This patch has a mistake. A corrected patch will be added in a few
minutes.
** Patch removed: "Patch for Focal"
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586775/+files/varnish_focal.debdiff
--
You received this bug notification because you are a member of
The attachment "Patch for Bionic" seems to be a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if
** Patch added: "Patch for Bionic"
https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586770/+files/varnish_bionic.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Debian believes that CVE-2019-20637 is a minor issue in Stretch and
Buster, that have versions 5.0.0 and 6.1.1, respectively. In addition,
when I run the new test f4.vtc in the source tree for Bionic, I get
an error. Therefore, I am not patching this CVE for Bionic.
--
You received this bug
** Changed in: varnish (Ubuntu)
Status: New => In Progress
** Changed in: varnish (Ubuntu)
Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara
(luis220413)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
22 matches
Mail list logo
