Format: 1.8
Date: Sun, 27 Nov 2022 22:50:36 CET
Source: varnish
Architecture: source
Version: 6.1.1-1+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Varnish Package Maintainers <team+varnish-team@tracker.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 varnish (6.1.1-1+deb10u4) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2022-45060: An HTTP Request Forgery issue was discovered in
     Varnish Cache. An attacker may introduce characters through HTTP/2
     pseudo-headers that are invalid in the context of an HTTP/1 request
     line, causing the Varnish server to produce invalid HTTP/1 requests to
     the backend. This could, in turn, be used to exploit vulnerabilities in
     a server behind the Varnish server.
   * Fix CVE-2020-11653: An issue was discovered in Varnish Cache. It occurs
     when communication with a TLS termination proxy uses PROXY version 2.
     There can be an assertion failure and daemon restart, which causes a
     performance loss.