Your message dated Mon, 06 Jan 2014 22:48:35 +0000
with message-id <[email protected]>
and subject line Bug#728989: fixed in varnish 2.1.3-8+deb6u2
has caused the Debian Bug report #728989,
regarding varnish: CVE-2013-4484
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
728989: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728989
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: varnish
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
I know you are already aware; opening a bug report to keep track of this
issue.
The following vulnerability was published for varnish.
CVE-2013-4484[0]:
| Varnish before 3.0.5 allows remote attackers to cause a denial of
| service (child-process crash and temporary caching outage) via a GET
| request with trailing whitespace characters and no URI.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
[0] http://security-tracker.debian.org/tracker/CVE-2013-4484
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: varnish
Source-Version: 2.1.3-8+deb6u2
We believe that the bug you reported is fixed in the latest version of
varnish, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Raphael Geissert <[email protected]> (supplier of updated varnish package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 15 Dec 2013 10:47:47 +0100
Source: varnish
Binary: varnish libvarnish1 libvarnish-dev
Architecture: source i386
Version: 2.1.3-8+deb6u2
Distribution: squeeze
Urgency: high
Maintainer: Varnish Package Maintainers <[email protected]>
Changed-By: Raphael Geissert <[email protected]>
Description:
libvarnish-dev - development files for Varnish
libvarnish1 - shared libraries for Varnish
varnish - a state-of-the-art, high-performance HTTP accelerator
Closes: 728989
Changes:
varnish (2.1.3-8+deb6u2) squeeze; urgency=low
.
* Changeless upload to use the .orig tarball as found in ftp-master.
.
varnish (2.1.3-8+deb6u1) squeeze-security; urgency=high
.
[ Salvatore Bonaccorso ]
* Backport upstream security patch.
A malformed request could in some configurations lead to Varnish
crashing. CVE-2013-4484 (Closes: #728989)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iEYEARECAAYFAlKtgS0ACgkQYy49rUbZzlou1wCdHCak98WZ80GE+2x87ur4Lpjh
erEAmgP3LeuWa5Dn3r68Ou1//0OFSPNk
=jxOn
-----END PGP SIGNATURE-----
--- End Message ---