Information on source package varnish

Available versions

ReleaseVersion
jessie4.0.2-1+deb8u1
stretch5.0.0-7+deb9u3
buster6.1.1-1+deb10u4
bullseye6.5.1-1+deb11u3
bookworm7.1.1-1.1
trixie7.6.0-2
sid7.6.0-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-30156fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedVarnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 L ...
CVE-2023-44487fixedvulnerable (no DSA, ignored)vulnerablevulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedThe HTTP/2 protocol allows a denial of service (server resource consum ...
CVE-2022-45060fixedvulnerable (no DSA, ignored)fixedfixedfixedfixedfixedAn HTTP Request Forgery issue was discovered in Varnish Cache 5.x and ...
CVE-2022-23959vulnerable (no DSA, ignored)fixedfixedfixedfixedfixedfixedIn Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...
CVE-2021-36740fixedvulnerable (no DSA, ignored)fixedfixedfixedfixedfixedVarnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...
CVE-2019-20637fixedvulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedAn issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...

Open unimportant issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2009-4488vulnerablevulnerablevulnerablevulnerablevulnerablevulnerablevulnerableVarnish 2.0.6 writes data to a log file without sanitizing non-printab ...

Resolved issues

BugDescription
CVE-2022-45059An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x be ...
CVE-2022-38150In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cau ...
CVE-2020-11653An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...
CVE-2019-15892An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x a ...
CVE-2017-12425An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1 ...
CVE-2017-8807vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cach ...
CVE-2015-8852Varnish 3.x before 3.0.7, when used in certain stacked installations, ...
CVE-2013-4484Varnish before 3.0.5 allows remote attackers to cause a denial of serv ...
CVE-2013-4090Varnish HTTP cache before 3.0.4: ACL bug
CVE-2013-0345varnish 3.0.3 uses world-readable permissions for the /var/log/varnish ...
CVE-2009-2936The Command Line Interface (aka Server CLI or administration interface ...

Security announcements

DSA / DLADescription
DSA-5334-1varnish - security update
DLA-3208-1varnish - security update
DSA-5088-1varnish - security update
DLA-2920-1varnish - security update
DSA-4514-1varnish - security update
DSA-4034-1varnish - security update
DSA-3924-1varnish - security update
DSA-3553-1varnish - security update
DSA-2814-1varnish - denial of service

Search for package or bug name: Reporting problems