Reserve DLA-3208-1 for varnish

3 files changed, 3 insertions, 5 deletions

diff --git a/data/CVE/list b/data/CVE/list
index ff8255adfd..8714e27f4d 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -194003,7 +194003,6 @@ CVE-2020-11654
 	RESERVED
 CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
 	- varnish 6.4.0-1 (bug #956307)
-	[buster] - varnish <postponed> (Can be fixed along in next DSA)
 	[stretch] - varnish <not-affected> (Only affects 6.x)
 	[jessie] - varnish <not-affected> (Only affects 6.x)
 	NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
diff --git a/data/DLA/list b/data/DLA/list
index c146b9bec0..b03f4932a7 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[27 Nov 2022] DLA-3208-1 varnish - security update
+	{CVE-2020-11653 CVE-2022-45060}
+	[buster] - varnish 6.1.1-1+deb10u4
 [27 Nov 2022] DLA-3207-1 jackson-databind - security update
 	{CVE-2020-36518 CVE-2022-42003 CVE-2022-42004}
 	[buster] - jackson-databind 2.9.8-3+deb10u4
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 2ffaab97ec..c38aa1d931 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -331,10 +331,6 @@ trafficserver
 twisted (Dominik George)
   NOTE: 20221030: Programming language: Python.
 --
-varnish (Markus Koschany)
-  NOTE: 20221109: Programming language: C.
-  NOTE: 20221109: First DLA, 3 minor CVEs to fix (Beuc/front-desk)
---
 virglrenderer (Thorsten Alteholz)
   NOTE: 20221009: Programming language: C.
 --