[12:52] <ingvar> Hello. A local team discovered a few days ago that CVE-2020-11653 is probably _not_ fixed in Ubuntu focal. I have added our findings to https://bugs.launchpad.net/ubuntu/+source/varnish/+bug/1971504
[12:53] <ingvar> In short: The patch set added to fix that CVE for varnish-6.2.1 is not complete, and the version of varnish installed with latest focal updates is still potentially vulnerable for DOS attacks.
[13:12] <mdeslaur> pfsmorigo: ^