{"affected":[{"ecosystem_specific":{"binaries":[{"libvarnishapi2":"6.2.1-bp151.4.3.1","varnish":"6.2.1-bp151.4.3.1","varnish-devel":"6.2.1-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15","name":"varnish","purl":"pkg:rpm/suse/varnish&distro=SUSE%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.2.1-bp151.4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libvarnishapi2":"6.2.1-bp151.4.3.1","varnish":"6.2.1-bp151.4.3.1","varnish-devel":"6.2.1-bp151.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"varnish","purl":"pkg:rpm/suse/varnish&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.2.1-bp151.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for varnish fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-15892: Fixed a potential denial of service by sending crafted HTTP/1 requests (boo#1149382).\n\nNon-security issues fixed:\n\t  \n- Updated the package to release 6.2.1.\n- Added a thread pool watchdog which will restart the worker process if scheduling tasks onto worker threads appears stuck. The new parameter 'thread_pool_watchdog' configures it.\n- Disabled error for clobbering, which caused bogus error in varnishtest.\n\nThis update was imported from the openSUSE:Leap:15.0:Update update project.","id":"openSUSE-SU-2019:2221-1","modified":"2019-09-30T14:22:47Z","published":"2019-09-30T14:22:47Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EUILTBTXVXCNRCSBNVQOFYGAQZGHOI3D/#EUILTBTXVXCNRCSBNVQOFYGAQZGHOI3D"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149382"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15892"}],"related":["CVE-2019-15892"],"summary":"Security update for varnish","upstream":["CVE-2019-15892"]}