This bug was fixed in the package varnish - 6.2.1-2ubuntu0.1
--------------- varnish (6.2.1-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Sensitive Information Disclosure - debian/patches/CVE-2019-20637.patch: Clear err_code and err_reason at start of request handling. (LP: #1971504, LP: #1939281) CVE-2019-20637 * SECURITY UPDATE: Assertion failure - debian/patches/CVE-2020-11653.patch: Take sizeof pool_task into account when reserving WS in SES_Wait. (LP: #1971504, LP: #1939281) CVE-2020-11653 * SECURITY UPDATE: HTTP Request Smuggling - debian/patches/CVE-2021-36740.patch: Take content length into account on H/2 request bodies. (LP: #1971504, LP: #1939281) - debian/patches/CVE-2022-23959.patch: Mark req doclose when failing to ignore req body. (LP: #1971504, LP: #1939281) CVE-2021-36740 CVE-2022-23959 * Additions fixes - debian/patches/WS_ReserveAll.patch: Add WS_ReserveAll to replace WS_Reserve(ws, 0). - debian/patches/WS_ReserveSize.patch: Deprecate WS_Reserve() and replace it with WS_ReserveSize().
-- Luís Infante da Câmara <email address hidden> Wed, 04 May 2022 21:16:37 +0100
This bug was fixed in the package varnish - 6.2.1-2ubuntu0.1
---------------
varnish (6.2.1-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Sensitive Information Disclosure patches/ CVE-2019- 20637.patch: Clear err_code and err_reason at 2019-20637 patches/ CVE-2020- 11653.patch: Take sizeof pool_task into account 2020-11653 patches/ CVE-2021- 36740.patch: Take content length into patches/ CVE-2022- 23959.patch: Mark req doclose when failing 2021-36740 2022-23959 patches/ WS_ReserveAll. patch: Add WS_ReserveAll to replace Reserve( ws, 0). patches/ WS_ReserveSize. patch: Deprecate WS_Reserve() and replace
- debian/
start of request handling. (LP: #1971504, LP: #1939281)
CVE-
* SECURITY UPDATE: Assertion failure
- debian/
when reserving WS in SES_Wait. (LP: #1971504, LP: #1939281)
CVE-
* SECURITY UPDATE: HTTP Request Smuggling
- debian/
account on H/2 request bodies. (LP: #1971504, LP: #1939281)
- debian/
to ignore req body. (LP: #1971504, LP: #1939281)
CVE-
CVE-
* Additions fixes
- debian/
WS_
- debian/
it with WS_ReserveSize().
-- Luís Infante da Câmara <email address hidden> Wed, 04 May 2022 21:16:37 +0100