Please provide update for CVE-2021-36740 (VSV00007 Varnish HTTP/2 Request Smuggling Attack)
Bug #1939281 reported by
Lienhart Woitok
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
varnish (Ubuntu) |
Fix Released
|
Undecided
|
Luís Infante da Câmara |
Bug Description
Greetings,
I'm unsure whether I should flag this as security vulnerability or not, as the information is already out there anyway. Apologies if I misflagged, but I prefer to be rather safe than sorry.
Varnish Cache published a security update for CVE-2021-36740 a couple weeks ago: https:/
The packages in ubuntu have not been updated since, therefore I expect them to still be vulnerable to this attack.
Can you please provide updated packages fixing this vulnerability?
Thank you!
Best,
Lienhart
CVE References
Changed in varnish (Ubuntu): | |
status: | Confirmed → In Progress |
assignee: | nobody → Luís Cunha dos Reis Infante da Câmara (luis220413) |
Changed in varnish (Ubuntu): | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res