On [22/11/17] [02:33P], Stuart Henderson wrote:
; This is the *only* code change in the upstream code. (The only others are
; an additional test, and regen for new version number / commit ids in docs).
;
; diff -uNp -r varnish-5.2.0/bin/varnishd/cache/cache_fetch.c
This is the *only* code change in the upstream code. (The only others are
an additional test, and regen for new version number / commit ids in docs).
diff -uNp -r varnish-5.2.0/bin/varnishd/cache/cache_fetch.c
varnish-5.2.1/bin/varnishd/cache/cache_fetch.c
---
On [22/11/17] [11:47P], Klemens Nanni wrote:
; On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
; > This is a security update[0] fixing a data leak:
; >
; > A wrong if statement in the varnishd source code means that
; > synthetic objects in stevedores which over-allocate,
On Wed, Nov 22, 2017 at 11:03:51AM +, Stuart Henderson wrote:
> On 2017/11/22 11:47, Klemens Nanni wrote:
> > On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
> > > This is a security update[0] fixing a data leak:
> > >
> > > A wrong if statement in the varnishd source code
On 2017/11/22 11:47, Klemens Nanni wrote:
> On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
> > This is a security update[0] fixing a data leak:
> >
> > A wrong if statement in the varnishd source code means that
> > synthetic objects in stevedores which over-allocate, may
On Wed, Nov 15, 2017 at 05:14:11PM +0100, Klemens Nanni wrote:
> This is a security update[0] fixing a data leak:
>
> A wrong if statement in the varnishd source code means that
> synthetic objects in stevedores which over-allocate, may leak up
> to page size of data from a
This is a security update[0] fixing a data leak:
A wrong if statement in the varnishd source code means that
synthetic objects in stevedores which over-allocate, may leak up
to page size of data from a malloc(3) memory allocation.
In a unpredictable percentage of