From phk at phk.freebsd.dk Sat Apr 28 07:50:46 2012
From: phk at phk.freebsd.dk (Poul-Henning Kamp)
Date: Sat, 28 Apr 2012 07:50:46 +0000
Subject: Almost but not quite a security advisory
Message-ID: <49438.1335599446@critter.freebsd.dk>

Hi Varnish users,

This is a pretty special corner case, way outside what we promise
Varnish will do, so I have decided it does not qualify for a
security-advisory, however, the announce list is my only way to
communicate with the very few people this issue applies to:

If You run varnishd as root
and You use privilege separation
and You accept VCL programs from untrusted sources
and You allow the VCL programs to contain inline-C or unverified VMODs.

Then please check the 2012-04-28 entry on:

    https://www.varnish-cache.org/trac/wiki/TroubleLog

Thanks in advance,

Poul-Henning

-- 
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.