[Secure-testing-team] Bug#881808: varnish: CVE-2017-8807: Data leak - '-sfile' Stevedore transient objects
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 15 11:43:08 UTC 2017
Source: varnish
Version: 5.0.0-1
Severity: serious
Tags: patch security upstream fixed-upstream
Forwarded: https://github.com/varnishcache/varnish-cache/pull/2429
Control: fixed -1 5.0.0-7+deb9u2
Hi,
the following vulnerability was published for varnish.
CVE-2017-8807[0]:
Data leak - '-sfile' Stevedore transient objects
The fix for stretch-security has already been preared and will be
released shortly, already marking the version as fixed accordingly
since prepared before.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-8807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8807
[1] https://github.com/varnishcache/varnish-cache/pull/2429
[2] https://varnish-cache.org/security/VSV00002.html
Regards,
Salvatore
More information about the Secure-testing-team
mailing list