Ubuntu
varnish package

  1. Bug #1709153
  2. Comment #5

Comment 5 for bug 1709153

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package varnish - 3.0.5-2ubuntu0.1

---------------
varnish (3.0.5-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: HTTP Smuggling issues: Double Content Length and bad EOL
    (LP: #1709153).
    - fix-HTTP-Smuggling-CVE-2015-8852.patch
    - CVE-2015-8852
  * SECURITY UPDATE: Correctly handle bogusly large chunk sizes
    (LP: #1709153).
    - Correctly-handle-bogusly-large-chunk-sizes-CVE-2017-12425.patch
    - CVE-2017-12425

 -- Simon Quigley <email address hidden> Mon, 07 Aug 2017 13:57:07 -0500