Your message dated Sat, 05 Mar 2022 13:47:23 +0000 with message-id <e1nqukl-000gyd...@fasolo.debian.org> and subject line Bug#991040: fixed in varnish 6.1.1-1+deb10u2 has caused the Debian Bug report #991040, regarding varnish: CVE-2021-36740: VSV00007 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 991040: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991040 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: varnish Severity: grave Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> https://varnish-cache.org/security/VSV00007.html Patches: https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0) https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be (6.5) Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: varnish Source-Version: 6.1.1-1+deb10u2 Done: Florian Weimer <f...@deneb.enyo.de> We believe that the bug you reported is fixed in the latest version of varnish, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 991...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Florian Weimer <f...@deneb.enyo.de> (supplier of updated varnish package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 26 Dec 2021 21:40:15 +0100 Source: varnish Architecture: source Version: 6.1.1-1+deb10u2 Distribution: buster-security Urgency: medium Maintainer: Varnish Package Maintainers <team+varnish-t...@tracker.debian.org> Changed-By: Florian Weimer <f...@deneb.enyo.de> Closes: 991040 Changes: varnish (6.1.1-1+deb10u2) buster-security; urgency=medium . * Apply upstream patch from the 6.0.x TLS branch to fix VSV00007: Varnish HTTP/2 Request Smuggling Attack (CVE-2021-36740). (Closes: #991040) Checksums-Sha1: 3f4a898c13fce56199ca1ed4d6497e5cf1e7ca93 2092 varnish_6.1.1-1+deb10u2.dsc 2b447965f42612f00a180b18e4650c1bf57c32ce 26860 varnish_6.1.1-1+deb10u2.debian.tar.xz 778190ff1bf110c477d12ad508699a9e90a2225b 9504 varnish_6.1.1-1+deb10u2_amd64.buildinfo Checksums-Sha256: bb88ccf94fd81dd58cedb0460ee46d8dbf310b3f6c864da121b7a7f3dcbc80c0 2092 varnish_6.1.1-1+deb10u2.dsc 0f327a7298c32314662789f0ce00c4a31e085a6226dfea50e726728bea124aa0 26860 varnish_6.1.1-1+deb10u2.debian.tar.xz cb09e7817d7381b9ba149e276ea03182d8c6a090603a2aae7f2829c394f1791f 9504 varnish_6.1.1-1+deb10u2_amd64.buildinfo Files: e22ca771d800d43e4dc9c1ab2a5ccec1 2092 web optional varnish_6.1.1-1+deb10u2.dsc e3af191f14ef73cd5a95682f745df6b5 26860 web optional varnish_6.1.1-1+deb10u2.debian.tar.xz 680e207b94e7e4ad0d410ba6878a5c56 9504 web optional varnish_6.1.1-1+deb10u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEyNPZz/qecFY/MvpUv3v/BALVJL4FAmHI2vMACgkQv3v/BALV JL4/GggAjG8fDFieD3yn4ZNDPCD6cy0RzOrfo5g4aYnnp57TOxwb2X/OyTHG0Mif /gjLVyfbJGloM5yg8bwvHzG9/7qWqUzGM/7H3rl4vUgzTeiDuprFiqSvK7xgoKeQ UACzA3oH6iM85xqc3pjJe/IA87CyiLJiEkp/nA+IgRxTg6AgatjvWmSsRDJ8Fc8R vs+NpxODWej7xH0d3kIlVV1deaBCElJLjf0pEGau5c9hs+lckkvi7ESFis7FGL8W Ra/RVD/Z1BPDsC2oqO6HB6abV9EA4hxTl2gecsP01vW7jZNM9HKZBV9isdu3ZSna Dr7EeyQ4rQHbf4FXkqbmeTRSU8KtbQ== =zW1K -----END PGP SIGNATURE-----
--- End Message ---
