Source: varnish Version: 5.0.0-1 Severity: serious Tags: patch security upstream fixed-upstream Forwarded: https://github.com/varnishcache/varnish-cache/pull/2429 Control: fixed -1 5.0.0-7+deb9u2
Hi, the following vulnerability was published for varnish. CVE-2017-8807[0]: Data leak - '-sfile' Stevedore transient objects The fix for stretch-security has already been preared and will be released shortly, already marking the version as fixed accordingly since prepared before. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-8807 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807 [1] https://github.com/varnishcache/varnish-cache/pull/2429 [2] https://varnish-cache.org/security/VSV00002.html Regards, Salvatore
