varnish question

To: Abhijith PA <abhijith@disroot.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: varnish question
From: Ola Lundqvist <ola@inguza.com>
Date: Mon, 10 Jun 2024 22:35:47 +0200
Message-id: <[🔎] CABY6=0nBG28ehFZBhHidUxtaZFZQ+q+30GT+uAcOX5MFY0yZaw@mail.gmail.com>

Hi Abhijith

I had a brief look at varnish that you have worked on to figure out
what the state of the package is.

In buster I can see the following CVEs.
CVE-2024-30156 - ignored in bullseye and bookworm because it is too
intrusive to backport
CVE-2023-44487 - ignored in bullseye and bookworm because it is too
intrusive to backport
CVE-2019-20637 - looks like it can be backported

My question to you is which issue you have tried to address? Is it
CVE-2019-20637?
Only?

If only that, is there any particular reason why CVE-2024-30156 and
CVE-44487 have not been ignored for buster as well?

Thanks in advance

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
|  ola@inguza.com                    opal@debian.org            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
 ---------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: varnish question
  - From: Abhijith PA <abhijith@debian.org>

Prev by Date: (E)LTS report for May 2024
Next by Date: Re: varnish question
Previous by thread: (E)LTS report for May 2024
Next by thread: Re: varnish question
Index(es):
- Date
- Thread