Note that trusty's varnish is also vulnerable to CVE-2017-12425. Could you work that into the patch too? (Note fetch_number() from trusty/varnish-3.0.5/bin/varnishd/cache_fetch.c )
Thanks ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12425 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1709153 Title: [CVE] HTTP Smuggling issues: Double Content Length and bad EOL To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1709153/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
