diff -Nru varnish-5.0.0/debian/changelog varnish-5.0.0/debian/changelog
--- varnish-5.0.0/debian/changelog 2017-03-02 11:16:05.000000000 -0600
+++ varnish-5.0.0/debian/changelog 2017-08-07 12:57:31.000000000 -0500
@@ -1,3 +1,11 @@
+varnish (5.0.0-7ubuntu0.1) zesty-security; urgency=medium
+
+ * SECURITY UPDATE: Correctly handle bogusly large chunk sizes (LP: #1708354)
+ - 5.0-Correctly-handle-bogusly-large-chunk-sizes.patch
+ - CVE-2017-12425
+
+ -- Simon Quigley Mon, 07 Aug 2017 12:57:31 -0500
+
 varnish (5.0.0-7) unstable; urgency=medium
 
 * Remove reload from varnish.service (Closes: #749272)
diff -Nru varnish-5.0.0/debian/control varnish-5.0.0/debian/control
--- varnish-5.0.0/debian/control 2017-03-02 11:16:05.000000000 -0600
+++ varnish-5.0.0/debian/control 2017-08-07 12:57:31.000000000 -0500
@@ -1,5 +1,6 @@
 Source: varnish
-Maintainer: Varnish Package Maintainers
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Varnish Package Maintainers
 Uploaders: Jan Wagner ,
 Lars Bahner ,
 Stig Sandbeck Mathisen ,
diff -Nru varnish-5.0.0/debian/patches/5.0-Correctly-handle-bogusly-large-chunk-sizes.patch varnish-5.0.0/debian/patches/5.0-Correctly-handle-bogusly-large-chunk-sizes.patch
--- varnish-5.0.0/debian/patches/5.0-Correctly-handle-bogusly-large-chunk-sizes.patch 1969-12-31 18:00:00.000000000 -0600
+++ varnish-5.0.0/debian/patches/5.0-Correctly-handle-bogusly-large-chunk-sizes.patch 2017-08-07 12:57:20.000000000 -0500
@@ -0,0 +1,95 @@
+Description: Correctly handle bogusly large chunk sizes.
+ This fixes a denial of service attack vector where bogusly large chunk
+ sizes in requests could be used to force restarts of the Varnish
+ server.
+ .
+ This is Varnish Security Vulnerability VSV00001
+ .
+ This fixes CVE-2017-12425.
+Author: Martin Blix Grydeland
+Origin: upstream
+Bug: https://varnish-cache.org/security/VSV00001
+Bug-Ubuntu: https://pad.lv/1708354
+Applied-Upstream: 09731b24b2225e3c0d66d3ec1b4fedef6fa22b6e
+Last-Update: 2017-08-07
+--- a/bin/varnishd/http1/cache_http1_vfp.c
++++ b/bin/varnishd/http1/cache_http1_vfp.c
+@@ -155,7 +155,7 @@ v1f_pull_chunked(struct vfp_ctx *vc, str
+ if (q == NULL || *q != '\0')
+ return (VFP_Error(vc, "chunked header number syntax"));
+ cl = (ssize_t)cll;
+- if((uintmax_t)cl != cll)
++ if (cl < 0 || (uintmax_t)cl != cll)
+ return (VFP_Error(vc, "bogusly large chunk size"));
+
+ vfe->priv2 = cl;
+--- /dev/null
++++ b/bin/varnishtest/tests/f00001.vtc
+@@ -0,0 +1,67 @@
++varnishtest "Check that we handle bogusly large chunks correctly"
++
++# Check that the bug has been fixed
++
++server s1 {
++ rxreq
++ txresp
++
++ accept
++ rxreq
++ txresp
++} -start
++
++varnish v1 -vcl+backend {
++} -start
++
++client c1 {
++ send "POST / HTTP/1.1\r\n"
++ send "Transfer-Encoding: chunked\r\n\r\n"
++ send "FFFFFFFFFFFFFFED\r\n"
++ send "0\r\n\r\n"
++
++ rxresp
++ expect resp.status == 503
++} -run
++
++# Check that the published workaround does not cause harm
++
++varnish v1 -cliok "param.set vcc_allow_inline_c true"
++
++varnish v1 -vcl+backend {
++ sub exploit_workaround {
++ # This needs to be defined before your vcl_recv function
++ # Make sure that the runtime parameter vcc_allow_inline_c is set to true
++ if (req.http.transfer-encoding ~ "(?i)chunked") {
++ C{
++ struct dummy_req {
++ unsigned magic;
++ int step;
++ int req_body_status;
++ };
++ ((struct dummy_req *)ctx->req)->req_body_status = 5;
++ }C
++
++ return (synth(503, "Bad request"));
++ }
++ }
++
++ sub vcl_recv {
++ # Call this early in your vcl_recv function
++ call exploit_workaround;
++ }
++}
++
++client c1 {
++ send "POST / HTTP/1.1\r\n"
++ send "Transfer-Encoding: chunked\r\n\r\n"
++ send "FFFFFFFFFFFFFFED\r\n0\r\n\r\n"
++
++ expect_close
++} -run
++
++client c1 {
++ txreq
++ rxresp
++ expect resp.status == 200
++} -run
diff -Nru varnish-5.0.0/debian/patches/series varnish-5.0.0/debian/patches/series
--- varnish-5.0.0/debian/patches/series 2017-03-02 11:16:05.000000000 -0600
+++ varnish-5.0.0/debian/patches/series 2017-08-07 12:47:37.000000000 -0500
@@ -1 +1,2 @@
 0001-Ensure-package-builds-reproducibly.patch
+5.0-Correctly-handle-bogusly-large-chunk-sizes.patch
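Review bot: In the cache_http1_vfp.c hunk of the new patch file, the added guard `if (cl < 0 || (uintmax_t)cl != cll)` validates the range only after the narrowing assignment `cl = (ssize_t)cll;`, so it relies on the implementation-defined result of converting an out-of-range unsigned value to ssize_t and on the round-trip comparison noticing the mismatch. Testing the unsigned value before narrowing is more direct and does not depend on that conversion: `if (cll > SSIZE_MAX) return (VFP_Error(vc, "bogusly large chunk size"));` followed by `cl = (ssize_t)cll;`. The enclosing v1f_pull_chunked starts and ends outside the hunk, so how `cll` is parsed and whether an out-of-range parse is already rejected earlier is not visible here. Since the file is an upstream patch carried in debian/patches, this is a point to raise upstream rather than a reason to modify the packaging.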