This bug was fixed in the package varnish - 3.0.5-2ubuntu0.1
--------------- varnish (3.0.5-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: HTTP Smuggling issues: Double Content Length and bad EOL (LP: #1709153). - fix-HTTP-Smuggling-CVE-2015-8852.patch - CVE-2015-8852 * SECURITY UPDATE: Correctly handle bogusly large chunk sizes (LP: #1709153). - Correctly-handle-bogusly-large-chunk-sizes-CVE-2017-12425.patch - CVE-2017-12425
-- Simon Quigley <email address hidden> Mon, 07 Aug 2017 13:57:07 -0500
This bug was fixed in the package varnish - 3.0.5-2ubuntu0.1
---------------
varnish (3.0.5-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: HTTP Smuggling issues: Double Content Length and bad EOL Smuggling- CVE-2015- 8852.patch handle- bogusly- large-chunk- sizes-CVE- 2017-12425. patch
(LP: #1709153).
- fix-HTTP-
- CVE-2015-8852
* SECURITY UPDATE: Correctly handle bogusly large chunk sizes
(LP: #1709153).
- Correctly-
- CVE-2017-12425
-- Simon Quigley <email address hidden> Mon, 07 Aug 2017 13:57:07 -0500