varnish 6.2.1-2ubuntu0.2 source package in Ubuntu

Changelog

varnish (6.2.1-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY REGRESSION: Incomplete fix for CVE-2020-11653 (LP: #1986627)
    - debian/patches/WS_ReserveAll.patch: Rename to CVE-2020-11653-01.patch.
    - debian/patches/WS_ReserveSize.patch: Rename to CVE-2020-11653-02.patch.
    - debian/patches/CVE-2020-11653-03.patch: Add a facility to test
      WS_ReserveSize().
    - debian/patches/CVE-2020-11653-04.patch: Correct the overflow condition in
      WS_ReserveSize().
    - debian/patches/CVE-2020-11653-05.patch: Fix copy-pasted test description.
    - debian/patches/CVE-2020-11653-06.patch: Add Session Attribute workspace
      overflow handling.
    - debian/patches/CVE-2020-11653-07.patch: Simplify WS allocation in
      tlv_string.
    - debian/patches/CVE-2020-11653-08.patch: Try to make the proxy code session
      workspace overflow test on 32-bit platforms.
    - debian/patches/CVE-2020-11653-09.patch: Adjust the workspace session size
      for 32-bit vtest machines.
    - debian/patches/CVE-2020-11653-10.patch: Handle out of session workspace in
      http1_new_session().
    - debian/patches/CVE-2020-11653-11.patch: Remove extra call to
      SES_Reserve_proto_priv().
    - debian/patches/CVE-2020-11653-12.patch: Remove call to
      SES_Reserve_proto_priv() in h2_init_sess().
    - debian/patches/CVE-2020-11653-13.patch: Handle badly formatted proxy TLVs.
    - debian/patches/CVE-2020-11653-14.patch: Add a missing assertion to
      WS_ReserveAll().
    - debian/patches/CVE-2020-11653-15.patch: Fix WS_ReserveSize calls when
      bytes is equal to free workspace.
    - debian/patches/CVE-2020-11653.patch: Rename to CVE-2020-11653-16.patch.

 -- Luís Infante da Câmara <email address hidden>  Tue, 16 Aug 2022 17:57:53 +0100

Upload details

Uploaded by: Luís Infante da Câmara
Sponsored by: Paulo Flabiano Smorigo
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: any all
Section: web
Urgency: Medium Urgency

Publishing

Series   Pocket     Published   Component   Section
Focal    updates                universe    web
Focal    security               universe    web

Downloads

File                                     Size       SHA-256 Checksum
varnish_6.2.1.orig.tar.gz                3.1 MiB    f28e05d292c8fcd0e62c9fbbf1c9058368d8ad5ecf5476b57fab80eb06df0e97
varnish_6.2.1-2ubuntu0.2.debian.tar.xz   37.1 KiB   16fa3a3d652e6bddee47011c4242f9e65c50426cc7b6180431519728af07876a
varnish_6.2.1-2ubuntu0.2.dsc             2.5 KiB    cf9484c90a811dd78021b2eac9fda5143c53d12e3c8b17acd0da0990cf6d4e3b

Binary packages built by this source

libvarnishapi-dev: development files for Varnish

 Development files for the Varnish HTTP accelerator.

libvarnishapi2: shared libraries for Varnish

 Shared libraries for the Varnish HTTP accelerator.

libvarnishapi2-dbgsym: debug symbols for libvarnishapi2

varnish: state of the art, high-performance web accelerator

 Varnish Cache is a state of the art web accelerator written with
 performance and flexibility in mind.
 .
 Varnish Cache stores web pages in memory so web servers don't have to
 create the same web page over and over again. Varnish serves pages
 much faster than any application server; giving the website a
 significant speed up.
 .
 Some of the features include:
  * A modern design
  * VCL - a very flexible configuration language
  * Load balancing with health checking of backends
  * Partial support for ESI - Edge Side Includes
  * URL rewriting
  * Graceful handling of "dead" backends

varnish-dbgsym: debug symbols for varnish

varnish-doc: documentation for Varnish Cache

 This package contains HTML documentation for Varnish Cache.