Multiple vulnerabilities in Bionic, Focal, Impish, Jammy and Lunar
Bug #1971504 reported by
Luís Infante da Câmara
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
varnish (Debian) |
Fix Released
|
Unknown
|
|||
varnish (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Unassigned | ||
Impish |
Fix Released
|
Medium
|
Unassigned | ||
Jammy |
Fix Released
|
Medium
|
Unassigned |
Bug Description
The version in Bionic is vulnerable to CVE-2019-20637 and CVE-2022-23959.
The version in Focal is vulnerable to CVE-2019-20637, CVE-2020-11653, CVE-2021-36740 (bug #1939281) and CVE-2022-23959.
The versions in Impish and Jammy are vulnerable to CVE-2022-23959.
The version in Kinetic is vulnerable to CVE-2022-23959 and CVE-2022-38150.
Please release patched versions.
Debian released an advisory on March 3.
CVE References
information type: | Private Security → Public Security |
description: | updated |
Changed in varnish (Ubuntu): | |
status: | New → In Progress |
assignee: | nobody → Luís Cunha dos Reis Infante da Câmara (luis220413) |
Changed in varnish (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in varnish (Debian): | |
status: | Unknown → New |
Changed in varnish (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in varnish (Ubuntu Focal): | |
status: | New → In Progress |
Changed in varnish (Ubuntu Impish): | |
status: | New → In Progress |
Changed in varnish (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in varnish (Ubuntu): | |
status: | Fix Committed → In Progress |
Changed in varnish (Ubuntu): | |
status: | Confirmed → In Progress |
Changed in varnish (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in varnish (Ubuntu): | |
importance: | Undecided → Medium |
Changed in varnish (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in varnish (Ubuntu Focal): | |
importance: | Undecided → Medium |
Changed in varnish (Ubuntu Impish): | |
importance: | Undecided → Medium |
Changed in varnish (Ubuntu Jammy): | |
importance: | Undecided → Medium |
Changed in varnish (Debian): | |
status: | New → Fix Released |
Changed in varnish (Ubuntu Focal): | |
status: | Fix Released → In Progress |
assignee: | nobody → Luís Cunha dos Reis Infante da Câmara (luis220413) |
assignee: | Luís Cunha dos Reis Infante da Câmara (luis220413) → nobody |
description: | updated |
To post a comment you must log in.
Debian believes that CVE-2019-20637 is a minor issue in Stretch and Buster, that have versions 5.0.0 and 6.1.1, respectively. In addition, when I run the new test f00004.vtc in the source tree for Bionic, I get an error. Therefore, I am not patching this CVE for Bionic.