[ubuntu/focal-security] varnish 6.2.1-2ubuntu0.1 (Accepted)
Paulo Flabiano Smorigo
pfsmorigo at canonical.com
Wed Jun 8 18:06:43 UTC 2022
varnish (6.2.1-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Sensitive Information Disclosure
- debian/patches/CVE-2019-20637.patch: Clear err_code and err_reason at
start of request handling. (LP: #1971504, LP: #1939281)
CVE-2019-20637
* SECURITY UPDATE: Assertion failure
- debian/patches/CVE-2020-11653.patch: Take sizeof pool_task into account
when reserving WS in SES_Wait. (LP: #1971504, LP: #1939281)
CVE-2020-11653
* SECURITY UPDATE: HTTP Request Smuggling
- debian/patches/CVE-2021-36740.patch: Take content length into
account on H/2 request bodies. (LP: #1971504, LP: #1939281)
- debian/patches/CVE-2022-23959.patch: Mark req doclose when failing
to ignore req body. (LP: #1971504, LP: #1939281)
CVE-2021-36740
CVE-2022-23959
* Additions fixes
- debian/patches/WS_ReserveAll.patch: Add WS_ReserveAll to replace
WS_Reserve(ws, 0).
- debian/patches/WS_ReserveSize.patch: Deprecate WS_Reserve() and replace
it with WS_ReserveSize().
Date: 2022-05-06 21:49:12.940286+00:00
Changed-By: Luís Cunha dos Reis Infante da Câmara <luis.infante.da.camara at tecnico.ulisboa.pt>
Signed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
https://launchpad.net/ubuntu/+source/varnish/6.2.1-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list