{
  "schema_version": "1.7.0",
  "id": "MGASA-2020-0025",
  "published": "2020-01-07T21:19:56Z",
  "modified": "2020-01-07T20:58:40Z",
  "summary": "Updated varnish packages fix security vulnerability",
  "details": "Updated varnish packages fix security vulnerability:\n\nA bug has been discovered in Varnish Cache where we fail to clear a\npointer between the handling of one client request and the next on\nthe same connection. This can under specific circumstances lead to\ninformation being leaked from the connection workspace (VSV00004).\n\nThe varnish package has been updated to version 6.3.1, which includes\nmany fixes and enhancements. See the upstream documentation for details.\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2020-0025.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=25960"
    },
    {
      "type": "WEB",
      "url": "https://varnish-cache.org/security/VSV00004.html"
    },
    {
      "type": "WEB",
      "url": "https://varnish-cache.org/docs/6.3/whats-new/index.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/B3OBLEH47QRUDDGH3YDMJ3SNT3D5LLDB/"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:7",
        "name": "varnish",
        "purl": "pkg:rpm/mageia/varnish?arch=source&distro=mageia-7"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.3.1-1.mga7"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
