Control: found -1 5.0.0-1
Control: fixed -1 7.4.2

On Nov 17, Salvatore Bonaccorso <car...@debian.org> wrote:

> CVE-2023-44487[0]:
> | The HTTP/2 protocol allows a denial of service (server resource
> | consumption) because request cancellation can reset many streams
> | quickly, as exploited in the wild in August through October 2023.

Fixing this issue would require backporting a significant amount of new
features in varnish and I do not believe that it would be practical.

I am inclined to downgrade this bug because:
- this is just a DoS attack
- it only concerns people using hitch for TLS termination instead of a
  full web server like nginx or haproxy

nginx in stable is also vulnerable, BTW.

-- 
ciao,
Marco