Univention Bugzilla – Bug 54449
varnish: Multiple issues (4.4)
Last modified: 2022-02-16 12:23:25 CET
New Debian varnish 5.0.0-7+deb9u3 fixes: This update addresses the following issue: * HTTP/1 request smuggling vulnerability (CVE-2022-23959)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/varnish_5.0.0-7+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/varnish_5.0.0-7+deb9u3.dsc @@ -1,3 +1,9 @@ +5.0.0-7+deb9u3 [Sun, 13 Feb 2022 23:20:58 +0100] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2022-23959: + In Varnish request smuggling can occur for HTTP/1 connections. + 5.0.0-7+deb9u2 [Thu, 09 Nov 2017 21:14:09 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/4.4-8/#3054276332079288949>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x1178>