Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="5044">
  <issue id="976097" tracker="bnc">VUL-0: CVE-2015-8852: varnish: Vulnerable to HTTP Smuggling issues: Double Content Length and bad EOL</issue>
  <issue id="CVE-2015-8852" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>jengelh</packager>
  <description>
This varnish update to version 3.0.7 fixes the following issues: 

Security issues fixed:
- CVE-2015-8852: Vulnerable to HTTP Smuggling issues: Double Content
  Length and bad EOL. (boo#976097)

Bugs fixed:
- Stop recognizing a single CR (\r) as a HTTP line separator.
- Improved error detection on master-child process communication,
  leading to faster recovery (child restart) if communication
  loses sync.
- Fix a corner-case where Content-Length was wrong for HTTP 1.0
  clients, when using gzip and streaming.
- More robust handling of hop-by-hop headers.
- Avoid memory leak when adding bans.
</description>
  <summary>Security update for varnish</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places