** CVE removed: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2019-20637
** CVE removed: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2020-11653
** CVE removed: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2022-23959
--
You received this bug notification because you are a member of
This bug was fixed in the package varnish - 6.2.1-2ubuntu0.1
---
varnish (6.2.1-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Sensitive Information Disclosure
- debian/patches/CVE-2019-20637.patch: Clear err_code and err_reason at
start of request
This was never in impish or later.
And fixed for active releases:
1.5-2ubuntu0.1) focal-security
1.4-8ubuntu0.1) bionic-security
Those uploads are available since ~October 2021, so it was just this bug
that the security team wasn't aware of I guess.
** Also affects: libntlm (Ubuntu Focal)