-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5918-1
security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
May 13, 2025
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : varnish
CVE ID : not yet available
Ben Kallus discovered that incorrect parsing of chunked transfer
encodings in the Varnish web accelerator may result in HTTP request
smuggling or cache poisoning.
For the stable distribution (bookworm), this problem has been fixed in
version 7.1.1-2+deb12u1.
We recommend that you upgrade your varnish packages.
For the detailed security status of varnish please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/varnish
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgjjGQACgkQEMKTtsN8 Tjbpjg/+KZfR/cBQXwFN+WQ8qQq/SgGL9NA9XLmz9U8ocvr6/nrJsAszl3iLn0PF jjRODJu7kzAJjJl2I24bLgdCfevknn5EL+/FEtcL+my4X7SC7tGegrqJ0rnDJorg JlK/qvcCLf+Lc6T9gZ4wOlsEJVbD+TVFaN4ipsIb7DWjA3SpBWcqtGY9G3dIsxNm m4pzK2MNEdXSeDzBXSXuyDX/TzFQmgnI6my58eGoDqxc2Zt9WPm18zoKPGS+7C6x KuERLLM95hyF3XBl2OYgY9D0cIuzwa618qVb+dQ1z5yrL8c7AlxE2FJnHOSfVj7K YbiwrW6SFyjWdkE+ip/sVmSDH18QWwvGRAnm/FV81Rt1YUUEtZJMkyVwzdNqV6+s NMtP+RDjdqDzm3xdyqH9YBBbx+2/uF9pwwCznmtNObUCO1Eg1yCJT/55hlanUlXU pZJ+Jt3yM5sglL9HduiCB2M4+rhe7PX7rsAzePn8w9tY16vvHR+eNa+Vdjb36bdG S4erBZ+wN+NHNp5jv8ZJsDEB2wVkumKNj3fwfeGy7zcfQysSKskKsEWHW95YEf4l Yno2+7o7OIBmr1vzm4I6gxZOHrTKA8pryc1Z/6Kl/7jV7rKUJgarXf8cMofmfRMt 4uASZYTt1O/MPLnfr+tRxUMEaWG2ZMzMqpqUI7Yu3/gBoYEcooQ=
=q4Jk
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)