Am Tue, Apr 01, 2025 at 12:13:53AM +0300 schrieb Adrian Bunk:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian....@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: secur...@debian.org, Varnish Package Maintainers
> <team+varnish-t...@tracker.debian.org>
>
> * CVE-2025-30346: HTTP/1 client-side desync vulnerability
>
> Tagged moreinfo, as question to the security team whether they want
> this in pu or as DSA.
Fixing this via the next point update is fine, thanks.
Cheers,
Moritz
