[Secure-testing-team] Bug#728989: varnish: CVE-2013-4484
Salvatore Bonaccorso
carnil at debian.org
Thu Nov 7 16:16:21 UTC 2013
Package: varnish
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
Know you are already aware, opening bugreport to keep track of this
issue.
the following vulnerability was published for varnish.
CVE-2013-4484[0]:
| Varnish before 3.0.5 allows remote attackers to cause a denial of
| service (child-process crash and temporary caching outage) via a GET
| request with trailing whitespace characters and no URI.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
[0] http://security-tracker.debian.org/tracker/CVE-2013-4484
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list