[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
Hello Luis, did you manage to test the bionic package? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Also affects: varnish (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: varnish (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: varnish (Ubuntu Impish) Importance: Undecided Status: New ** Also affects: varnish (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: varnish (Ubuntu Bionic) Status: New => In Progress ** Changed in: varnish (Ubuntu Focal) Status: New => In Progress ** Changed in: varnish (Ubuntu Impish) Status: New => In Progress ** Changed in: varnish (Ubuntu Jammy) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
Hi Luis, I just uploaded your bionic debdiff to the security team PPA, with similar changelog changes as the other releases. Could you please test it? Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
I have run the upstream test suite on Focal and Impish as follows: $ git clone https://github.com/varnishcache/varnish-cache.git $ git checkout varnish-$UPSTREAM_VERSION $ cd bin/varnishtest $ for i in tests/*; do if [ "$i" != tests/README ]; then varnishtest "$i"; fi; done In Focal all tests pass or are skipped. In Impish the same happens but varnishd crashes twice in the first run, but no crashes occur on the second run. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
Paulo Flabiano Smorigo, please upload a patched version for Bionic to the Ubuntu Security Proposed PPA. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
Hello Luís, thanks for the debdiffs. I've changed the changelog a little bit in order to follow the security format and fit the patches into the DEP-3 guidelines (some of them were missing some header elements). I uploaded the packages into our security-proposed ppa and, if possible, please test using them. My plan is to push to archive next week. The link for the ppa is: https://launchpad.net/~ubuntu-security- proposed/+archive/ubuntu/ppa/+packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
I have only tested that each patch compiles on a Ubuntu VM with the corresponding release and tried to test that the patched version in Bionic is not affected by CVE-2019-20637 but failed: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/comments/1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
Corrected patch for Jammy. ** Patch removed: "Patch for Jammy" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586785/+files/varnish_jammy.debdiff ** Patch added: "Patch for Jammy" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586960/+files/varnish_jammy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Changed in: varnish (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Bug watch added: Debian Bug tracker #1010582 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010582 ** Also affects: varnish (Debian) via https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010582 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
Hello Luís, thanks; I just glanced at the debdiffs quickly, and noticed this one appears to missing the quilt series changes: +varnish (6.6.1-1ubuntu0.1) jammy-security; urgency=medium Please also report back how you've tested the patches. Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Changed in: varnish (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Patch added: "Patch for Jammy" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586785/+files/varnish_jammy.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Patch added: "Patch for Impish" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586784/+files/varnish_impish.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Patch removed: "Patch for Focal" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586782/+files/varnish_focal.debdiff ** Patch added: "Patch for Focal" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586783/+files/varnish_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Patch added: "Patch for Focal" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586782/+files/varnish_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Patch added: "Patch for Focal" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586775/+files/varnish_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
This patch has a mistake. A corrected patch will be added in a few minutes. ** Patch removed: "Patch for Focal" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586775/+files/varnish_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
The attachment "Patch for Bionic" seems to be a debdiff. The ubuntu- sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Patch added: "Patch for Bionic" https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+attachment/5586770/+files/varnish_bionic.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
Debian believes that CVE-2019-20637 is a minor issue in Stretch and Buster, that have versions 5.0.0 and 6.1.1, respectively. In addition, when I run the new test f4.vtc in the source tree for Bionic, I get an error. Therefore, I am not patching this CVE for Bionic. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971504] Re: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic
** Changed in: varnish (Ubuntu) Status: New => In Progress ** Changed in: varnish (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971504 Title: Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs