Alias: CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

According to https://varnish-cache.org/security/VSV00013.html#vsv00013, fixed in 6.0.12, 7.3.1, and 7.4.2.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f27068df53eefac75ef5575ce420abf012c77f6d

commit f27068df53eefac75ef5575ce420abf012c77f6d
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2024-06-19 09:08:24 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2024-06-19 09:08:24 +0000

    www-servers/varnish: add 7.5.0

    Closes: https://bugs.gentoo.org/929880
    Closes: https://bugs.gentoo.org/930443
    Bug: https://bugs.gentoo.org/918416
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 www-servers/varnish/Manifest             |   1 +
 www-servers/varnish/varnish-7.5.0.ebuild | 111 +++++++++++++++++++++++++++++++
 2 files changed, 112 insertions(+)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98b43f566fac8ac543e97f4fd871314e19540515

commit 98b43f566fac8ac543e97f4fd871314e19540515
Author:     Pacho Ramos <pacho@gentoo.org>
AuthorDate: 2024-07-05 17:12:35 +0000
Commit:     Pacho Ramos <pacho@gentoo.org>
CommitDate: 2024-07-05 17:12:35 +0000

    www-servers/varnish: drop 7.1.2-r2

    Bug: https://bugs.gentoo.org/918416
    Signed-off-by: Pacho Ramos <pacho@gentoo.org>

 www-servers/varnish/Manifest                |   1 -
 www-servers/varnish/varnish-7.1.2-r2.ebuild | 108 ----------------------------
 2 files changed, 109 deletions(-)