Your message dated Sun, 06 Aug 2017 09:33:50 +0000
with message-id <e1dehwu-0002nx...@fasolo.debian.org>
and subject line Bug#870467: fixed in varnish 5.0.0-7.1
has caused the Debian Bug report #870467,
regarding varnish: CVE-2017-12425: Bogusly large chunk sizes may cause assert
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
870467: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870467
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: varnish
Version: 4.0.1-1
Severity: grave
Tags: security upstream patch

Hi

See https://www.varnish-cache.org/security/VSV00001.html#vsv00001 for
details.

I have already prepared updates for jessie- and stretch-security and
will try to release the updates shortly.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: varnish
Source-Version: 5.0.0-7.1

We believe that the bug you reported is fixed in the latest version of
varnish, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated varnish package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 04 Aug 2017 10:55:36 +0200
Source: varnish
Binary: varnish varnish-doc libvarnishapi1 libvarnishapi-dev
Architecture: source
Version: 5.0.0-7.1
Distribution: unstable
Urgency: high
Maintainer: Varnish Package Maintainers <pkg-varnish-de...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 870467
Description: 
 libvarnishapi-dev - development files for Varnish
 libvarnishapi1 - shared libraries for Varnish
 varnish    - state of the art, high-performance web accelerator
 varnish-doc - documentation for Varnish Cache
Changes:
 varnish (5.0.0-7.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2017-12425: Correctly handle bogusly large chunk sizes.
     This fixes a denial of service attack vector where bogusly large chunk
     sizes in requests could be used to force restarts of the Varnish server.
     (Closes: #870467)
Checksums-Sha1: 
 703c9541790df6d6ae8f4c937bb14b758f863842 2639 varnish_5.0.0-7.1.dsc
 4fb4fcc865cfbdfebba789ce8f12f4e13d05374f 21740 varnish_5.0.0-7.1.debian.tar.xz
Checksums-Sha256: 
 191f0311aff42e901d36ffd96afa1adbc1fafdc42b5442aca022eed7e3154c51 2639 varnish_5.0.0-7.1.dsc
 4be90295a6a18b8798c545c6ddc20c2030e409a16bfa54e5515a184153d32e6a 21740 varnish_5.0.0-7.1.debian.tar.xz
Files: 
 328244462757848ecc1015fbe90a8752 2639 web optional varnish_5.0.0-7.1.dsc
 78faded102b7e1e3b7237928dae9ed3f 21740 web optional varnish_5.0.0-7.1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
