* New upstream release (LP: #2028418)
- Major and critical bug fixes according to the upstream changelog:
+ BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value
replacement
+ BUG/MAJOR: http: reject any empty content-length header value
- For further information, refer to the upstream changelog at https://www.haproxy.org/download/2.4/src/CHANGELOG and to the upstream
release announcements at
https://<email address hidden>/msg43664.html
(2.4.23), and
https://<email address hidden>/msg43901.html (2.4.24)
- Remove patches applied by upstream in debian/patches:
+ CVE-2023-40225-1.patch
+ CVE-2023-40225-2.patch
This bug was fixed in the package haproxy - 2.4.24- 0ubuntu0. 22.04.1
--------------- 0ubuntu0. 22.04.1) jammy; urgency=medium
haproxy (2.4.24-
* New upstream release (LP: #2028418) /www.haproxy. org/download/ 2.4/src/ CHANGELOG and to the upstream /msg43664. html /msg43901. html (2.4.24) 40225-1. patch 40225-2. patch
- Major and critical bug fixes according to the upstream changelog:
+ BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value
replacement
+ BUG/MAJOR: http: reject any empty content-length header value
- For further information, refer to the upstream changelog at
https:/
release announcements at
https://<email address hidden>
(2.4.23), and
https://<email address hidden>
- Remove patches applied by upstream in debian/patches:
+ CVE-2023-
+ CVE-2023-
-- Athos Ribeiro <email address hidden> Tue, 31 Oct 2023 11:16:29 -0300