Comment 4 for bug 1986627

This bug was fixed in the package varnish - 6.2.1-2ubuntu0.2

---------------
varnish (6.2.1-2ubuntu0.2) focal-security; urgency=medium

  * SECURITY REGRESSION: Incomplete fix for CVE-2020-11653 (LP: #1986627)
    - debian/patches/WS_ReserveAll.patch: Rename to CVE-2020-11653-01.patch.
    - debian/patches/WS_ReserveSize.patch: Rename to CVE-2020-11653-02.patch.
    - debian/patches/CVE-2020-11653-03.patch: Add a facility to test
      WS_ReserveSize().
    - debian/patches/CVE-2020-11653-04.patch: Correct the overflow condition in
      WS_ReserveSize().
    - debian/patches/CVE-2020-11653-05.patch: Fix copy-pasted test description.
    - debian/patches/CVE-2020-11653-06.patch: Add Session Attribute workspace
      overflow handling.
    - debian/patches/CVE-2020-11653-07.patch: Simplify WS allocation in
      tlv_string.
    - debian/patches/CVE-2020-11653-08.patch: Try to make the proxy code session
      workspace overflow test on 32-bit platforms.
    - debian/patches/CVE-2020-11653-09.patch: Adjust the workspace session size
      for 32-bit vtest machines.
    - debian/patches/CVE-2020-11653-10.patch: Handle out of session workspace in
      http1_new_session().
    - debian/patches/CVE-2020-11653-11.patch: Remove extra call to
      SES_Reserve_proto_priv().
    - debian/patches/CVE-2020-11653-12.patch: Remove call to
      SES_Reserve_proto_priv() in h2_init_sess().
    - debian/patches/CVE-2020-11653-13.patch: Handle badly formatted proxy TLVs.
    - debian/patches/CVE-2020-11653-14.patch: Add a missing assertion to
      WS_ReserveAll().
    - debian/patches/CVE-2020-11653-15.patch: Fix WS_ReserveSize calls when
      bytes is equal to free workspace.
    - debian/patches/CVE-2020-11653.patch: Rename to CVE-2020-11653-16.patch.

 -- Luís Infante da Câmara <email address hidden> Tue, 16 Aug 2022 17:57:53 +0100