---
- branch: MAIN
  date: Mon Jul 19 12:47:31 UTC 2021
  files:
  - new: '1.32'
    old: '1.31'
    path: pkgsrc/www/varnish/Makefile
    pathrev: pkgsrc/www/varnish/Makefile@1.32
    type: modified
  - new: '1.16'
    old: '1.15'
    path: pkgsrc/www/varnish/distinfo
    pathrev: pkgsrc/www/varnish/distinfo@1.16
    type: modified
  id: 20210719T124731Z.5ad647c0eb5c161b2c9caa69db54100080398923
  log: |
    varnish: update to 6.6.1

    CVE-2021-36740: request smuggling attack can be performed on Varnish Cache
    and Varnish Cache Plus servers that have the HTTP/2 protocol enabled. The
    smuggled requests do not go through normal VCL processing, and any
    authorization steps implemented in VCL would be bypassed.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/varnish'
  unixtime: '1626698851'
  user: tnn