* SECURITY REGRESSION: Incomplete fix for CVE-2020-11653 (LP: #1986627)
- debian/patches/WS_ReserveAll.patch: Rename to CVE-2020-11653-01.patch.
- debian/patches/WS_ReserveSize.patch: Rename to CVE-2020-11653-02.patch.
- debian/patches/CVE-2020-11653-03.patch: Add a facility to test
WS_ReserveSize().
- debian/patches/CVE-2020-11653-04.patch: Correct the overflow condition in
WS_ReserveSize().
- debian/patches/CVE-2020-11653-05.patch: Fix copy-pasted test description.
- debian/patches/CVE-2020-11653-06.patch: Add Session Attribute workspace
overflow handling.
- debian/patches/CVE-2020-11653-07.patch: Simplify WS allocation in
tlv_string.
- debian/patches/CVE-2020-11653-08.patch: Try to make the proxy code session
workspace overflow test on 32-bit platforms.
- debian/patches/CVE-2020-11653-09.patch: Adjust the workspace session size
for 32-bit vtest machines.
- debian/patches/CVE-2020-11653-10.patch: Handle out of session workspace in
http1_new_session().
- debian/patches/CVE-2020-11653-11.patch: Remove extra call to
SES_Reserve_proto_priv().
- debian/patches/CVE-2020-11653-12.patch: Remove call to
SES_Reserve_proto_priv() in h2_init_sess().
- debian/patches/CVE-2020-11653-13.patch: Handle badly formatted proxy TLVs.
- debian/patches/CVE-2020-11653-14.patch: Add a missing assertion to
WS_ReserveAll().
- debian/patches/CVE-2020-11653-15.patch: Fix WS_ReserveSize calls when
bytes is equal to free workspace.
- debian/patches/CVE-2020-11653.patch: Rename to CVE-2020-11653-16.patch.
-- Luís Infante da Câmara <email address hidden> Tue, 16 Aug 2022 17:57:53 +0100
This bug was fixed in the package varnish - 6.2.1-2ubuntu0.2
---------------
varnish (6.2.1-2ubuntu0.2) focal-security; urgency=medium
* SECURITY REGRESSION: Incomplete fix for CVE-2020-11653 (LP: #1986627) patches/ WS_ReserveAll. patch: Rename to CVE-2020- 11653-01. patch. patches/ WS_ReserveSize. patch: Rename to CVE-2020- 11653-02. patch. patches/ CVE-2020- 11653-03. patch: Add a facility to test ReserveSize( ). patches/ CVE-2020- 11653-04. patch: Correct the overflow condition in ReserveSize( ). patches/ CVE-2020- 11653-05. patch: Fix copy-pasted test description. patches/ CVE-2020- 11653-06. patch: Add Session Attribute workspace patches/ CVE-2020- 11653-07. patch: Simplify WS allocation in patches/ CVE-2020- 11653-08. patch: Try to make the proxy code session patches/ CVE-2020- 11653-09. patch: Adjust the workspace session size patches/ CVE-2020- 11653-10. patch: Handle out of session workspace in new_session( ). patches/ CVE-2020- 11653-11. patch: Remove extra call to Reserve_ proto_priv( ). patches/ CVE-2020- 11653-12. patch: Remove call to Reserve_ proto_priv( ) in h2_init_sess(). patches/ CVE-2020- 11653-13. patch: Handle badly formatted proxy TLVs. patches/ CVE-2020- 11653-14. patch: Add a missing assertion to ReserveAll( ). patches/ CVE-2020- 11653-15. patch: Fix WS_ReserveSize calls when patches/ CVE-2020- 11653.patch: Rename to CVE-2020- 11653-16. patch.
- debian/
- debian/
- debian/
WS_
- debian/
WS_
- debian/
- debian/
overflow handling.
- debian/
tlv_string.
- debian/
workspace overflow test on 32-bit platforms.
- debian/
for 32-bit vtest machines.
- debian/
http1_
- debian/
SES_
- debian/
SES_
- debian/
- debian/
WS_
- debian/
bytes is equal to free workspace.
- debian/
-- Luís Infante da Câmara <email address hidden> Tue, 16 Aug 2022 17:57:53 +0100