Hi, On 13/05/2020 11:03, Dridi Boukelmoune wrote: >> I tried to reproduce it myself today and I wasn't able to trigger the >> leak on the master branch's commit prior to the fix. I asked >> internally whether we have a reliable reproducer or if it's something >> that needs a consequential workload to be observable. > > The step I was missing trying to reproduce this on my own was ensuring > that the error reason is far enough in the client workspace to be > leakable. > > It turns out we had a test case covering all 3 scenarios that was > supposed to be pushed a while after the disclosure, but was forgotten. > > You can use this test case now before and after applying the patch: > > https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734
Thanks a lot! I was able to check and fix one version (6.1.1), I'll now check the others. Regards, Sylvain Beucler Debian LTS Team _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
