Package: varnish-modules Followup-For: Bug #985947 Control: tags -1 unreproducible Control: close -1
According to https://varnish-cache.org/security/VSV00006.html the only affected version is 0.17.0: > Versions affected > > varnish-modules version 0.17.0 > > varnish-modules klarlack version 0.17.0 > > Notice that these versions of varnish-modules require Varnish Cache version > 6.5 or later. > > Notice that users are only affected if the header.append() or header.copy() > functions are used. > > Versions not affected > > Any version of varnish-modules compatible with Varnish Cache versions 6.4 and > earlier are not affected. This includes the Varnish Cache 6.0-LTS series and > all versions of Varnish Cache Plus. As we've got 0.16.0 (varnish-modules) we are not affected… Looking at the code in question, the layout of the function was completly different at that version, but I see the equivalent of the missing nullptr-check in the old code Therefore, closing the bug. If you disagree, please reopen. -- tobi
