-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5918-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 13, 2025                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : varnish
CVE ID         : not yet available

Ben Kallus discovered that incorrect parsing of chunked transfer
encodings in the Varnish web accelerator may result in HTTP request
smuggling or cache poisoning.

For the stable distribution (bookworm), this problem has been fixed in
version 7.1.1-2+deb12u1.

We recommend that you upgrade your varnish packages.

For the detailed security status of varnish please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/varnish

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgjjGQACgkQEMKTtsN8
Tjbpjg/+KZfR/cBQXwFN+WQ8qQq/SgGL9NA9XLmz9U8ocvr6/nrJsAszl3iLn0PF
jjRODJu7kzAJjJl2I24bLgdCfevknn5EL+/FEtcL+my4X7SC7tGegrqJ0rnDJorg
JlK/qvcCLf+Lc6T9gZ4wOlsEJVbD+TVFaN4ipsIb7DWjA3SpBWcqtGY9G3dIsxNm
m4pzK2MNEdXSeDzBXSXuyDX/TzFQmgnI6my58eGoDqxc2Zt9WPm18zoKPGS+7C6x
KuERLLM95hyF3XBl2OYgY9D0cIuzwa618qVb+dQ1z5yrL8c7AlxE2FJnHOSfVj7K
YbiwrW6SFyjWdkE+ip/sVmSDH18QWwvGRAnm/FV81Rt1YUUEtZJMkyVwzdNqV6+s
NMtP+RDjdqDzm3xdyqH9YBBbx+2/uF9pwwCznmtNObUCO1Eg1yCJT/55hlanUlXU
pZJ+Jt3yM5sglL9HduiCB2M4+rhe7PX7rsAzePn8w9tY16vvHR+eNa+Vdjb36bdG
S4erBZ+wN+NHNp5jv8ZJsDEB2wVkumKNj3fwfeGy7zcfQysSKskKsEWHW95YEf4l
Yno2+7o7OIBmr1vzm4I6gxZOHrTKA8pryc1Z/6Kl/7jV7rKUJgarXf8cMofmfRMt
4uASZYTt1O/MPLnfr+tRxUMEaWG2ZMzMqpqUI7Yu3/gBoYEcooQ=q4Jk
-----END PGP SIGNATURE-----