Ubuntu
haproxy package

  1. Bug #2028418
  2. Comment #10

Comment 10 for bug 2028418

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package haproxy - 2.4.24-0ubuntu0.22.04.1

---------------
haproxy (2.4.24-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2028418)
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value
        replacement
      + BUG/MAJOR: http: reject any empty content-length header value
    - For further information, refer to the upstream changelog at
      https://www.haproxy.org/download/2.4/src/CHANGELOG and to the upstream
      release announcements at
      https://<email address hidden>/msg43664.html
      (2.4.23), and
      https://<email address hidden>/msg43901.html (2.4.24)
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-40225-1.patch
      + CVE-2023-40225-2.patch

 -- Athos Ribeiro <email address hidden> Tue, 31 Oct 2023 11:16:29 -0300