Accepted varnish 6.1.1-1+deb10u4 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted varnish 6.1.1-1+deb10u4 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 27 Nov 2022 22:10:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: varnish_6.1.1-1+deb10u4_source.changes
- Debian-source: varnish
- Debian-suite: oldstable
- Debian-version: 6.1.1-1+deb10u4
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=OV4O/Wca3+xNUvq/zdiR6JuS3eYZNeWnKzuC+7tmHGE=; b=pPhuG/8NiaSHjj4VrCUtBXOBFB X6MeNCgXXAUqgjFLTAJ1evbAxnNNKmbHcdGLUooAIBPKnQtOPNdC5YdgaUT0cFNSAq5YmueWScRzi I0jTxNpP/1waV/bMod42yvuan2pRZQG+Dc9EYjvGnWT1nPsKi3lLasBIQxKrOXijv361x1bV+rs5V 4JRV+HILurGWJgzjKvqTUe84MKnRKLCXi89Eh1nAZBOSdyJOV1epvr0T4mH/icoVplBcBEtxuBtfA kJTqKj4/2PMcn/t7Ex+afRBk/n4NBfwnVEwO0F2GknvPGO92m9LE9tCEOo79NEEEnX/Sa/3Yq8P7L TlkfTt7g==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1ozPqw-005G5x-TM@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 27 Nov 2022 22:50:36 CET
Source: varnish
Architecture: source
Version: 6.1.1-1+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Varnish Package Maintainers <team+varnish-team@tracker.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
b56699950b1ba9b8c5bab31a9d6d138fd6db824c 2588 varnish_6.1.1-1+deb10u4.dsc
2fc233becfcc72f5303f0156f395d0a09bb291e2 29140 varnish_6.1.1-1+deb10u4.debian.tar.xz
df562c1d80b2fafd62e71470849744af88f514d6 10664 varnish_6.1.1-1+deb10u4_amd64.buildinfo
Checksums-Sha256:
0eda7e3b628e4743740fd9852ebe6d79980d16c4f6710cbe9b2d2be72b539eda 2588 varnish_6.1.1-1+deb10u4.dsc
9a8756ebea6a9eb1c649321cfa9733d0ac3b61db207b9c664d687dbb4ac1dac3 29140 varnish_6.1.1-1+deb10u4.debian.tar.xz
25a5fb92f7b2adfe372c4be490ca20b5ac85e6f299af208bb1f7a99842b5964b 10664 varnish_6.1.1-1+deb10u4_amd64.buildinfo
Changes:
varnish (6.1.1-1+deb10u4) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2022-45060:
An HTTP Request Forgery issue was discovered in Varnish Cache. An attacker
may introduce characters through HTTP/2 pseudo-headers that are invalid in
the context of an HTTP/1 request line, causing the Varnish server to
produce invalid HTTP/1 requests to the backend. This could, in turn, be
used to exploit vulnerabilities in a server behind the Varnish server.
* Fix CVE-2020-11653:
An issue was discovered in Varnish Cache. It occurs when communication with
a TLS termination proxy uses PROXY version 2. There can be an assertion
failure and daemon restart, which causes a performance loss.
Files:
65ce5eca3d44c62276e245634983c015 2588 web optional varnish_6.1.1-1+deb10u4.dsc
e24dabb24dcc1af30b15ceb7550eb833 29140 web optional varnish_6.1.1-1+deb10u4.debian.tar.xz
565a7d397e8e0351b81cbc222f9e7722 10664 web optional varnish_6.1.1-1+deb10u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOD2+FfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkYckP/0Sfj3Z0DN8hiFlGu/bfSzIONGNHm6WoZoE7
N63ryVdPcX9TpNLAphJQsWw4wHWb8nLpc6oC7RZsENICfjpq8BccKHGbmQc0sxgA
seUZBnemU90i8Rw7zirD6SybwtcXmxgXa4siZIyZk6lQttbr9JAel2UjgrMbPv9Z
zHR4o4jgngEBjq/cGfV9VdrtybZbAe6/EJsrsWNXG1wgmwmGWk3x9GfX5k4tEsDG
BhLuEG4tUPoqTxdl2AX5h3uL9qE7LxZunWOaIbhU6/kMMZmIsWOu5iDynKA0lI8z
PjQSmkX1fRQqFm760Yj2/8TDyMoECWEzXiNsB6srGi54YyQc4xfTBw29sCIR9KMU
jGaFct/tm4aueFgPPAkPeisde6G7HndM42vNpZ4RXvN0QjsUAn9djNkgnNuH/fhs
COG5XAB59rXa4gZ3Jb+x/MqtbkjUTvah7vhM2j04ov8irbdzRJDiAu8xWz0rlVtx
4UwHtVduY4UsW1MEP5O+xt91NZKjgIllWjfRnH1Iz0tbRgfiFm3Tf426a3dnvpcK
zG4F+OdRG5Jm9Bylq/GMdelMc3k+Ugd0ZhiH2gt6wI0z1ooFsYNc6fuin9j+l8XY
fyS2u2BnxxlmZEV6OHvC0/QtBgImpYXh1RxsfB8wlJfP+h3ienYd266TQPLHAS27
yeZXyPho
=n+y6
-----END PGP SIGNATURE-----