Summary: | <www-servers/varnish-7.1.0: HTTP/1 request smuggling | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | blueness |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://varnish-cache.org/security/VSV00008.html | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 860990 | ||
Bug Blocks: |
Description
John Helmert III
2022-01-28 13:53:16 UTC
We're going to bump to 7.1.0 which is not vulnerable to this and is currently the supported version. I'm getting everything ready for a stablereq. Thanks! Please stable when ready (In reply to John Helmert III from comment #2) > Thanks! Please stable when ready Its ready, I'm opening the stabelreq now (In reply to Anthony Basile from comment #3) > (In reply to John Helmert III from comment #2) > > Thanks! Please stable when ready > > Its ready, I'm opening the stabelreq now Vulnerable versions are off the tree and 7.1.0 is all stable. Thanks! Minimal impact so no GLSA, all done! |