** Description changed: - Scheduled-For: 22.12 Upstream: tbd Debian: 2.2.17-1 2.4.7-1 Ubuntu: 2.2.9-2ubuntu2 - Debian new has 2.4.7-1 - ### New Debian Changes ### haproxy (2.2.17-1) unstable; urgency=medium - * New upstream release. - * d/patches: remove upstream-applied patch. + * New upstream release. + * d/patches: remove upstream-applied patch. - -- Vincent Bernat <ber...@debian.org> Thu, 09 Sep 2021 19:42:08 +0200 + -- Vincent Bernat <ber...@debian.org> Thu, 09 Sep 2021 19:42:08 +0200 haproxy (2.2.16-3) unstable; urgency=high - * d/patches: fix missing header name length check in HTX + * d/patches: fix missing header name length check in HTX (CVE-2021-40346). - -- Vincent Bernat <ber...@debian.org> Sat, 04 Sep 2021 16:14:51 +0200 + -- Vincent Bernat <ber...@debian.org> Sat, 04 Sep 2021 16:14:51 +0200 haproxy (2.2.16-2) unstable; urgency=medium - * d/patches: h2: match absolute-path not path-absolute for :path + * d/patches: h2: match absolute-path not path-absolute for :path - -- Vincent Bernat <ber...@debian.org> Sat, 21 Aug 2021 16:19:52 +0200 + -- Vincent Bernat <ber...@debian.org> Sat, 21 Aug 2021 16:19:52 +0200 haproxy (2.2.16-1) unstable; urgency=high - * New upstream release. - * Fix CVE-2021-39240, CVE-2021-39241, CVE-2021-39242. - * d/patches: remove upstream-applied patch. + * New upstream release. + * Fix CVE-2021-39240, CVE-2021-39241, CVE-2021-39242. + * d/patches: remove upstream-applied patch. - -- Vincent Bernat <ber...@debian.org> Thu, 19 Aug 2021 07:22:05 +0200 + -- Vincent Bernat <ber...@debian.org> Thu, 19 Aug 2021 07:22:05 +0200 haproxy (2.2.15-1) UNRELEASED; urgency=medium - * New upstream release. + * New upstream release. - -- Vincent Bernat <ber...@debian.org> Fri, 16 Jul 2021 11:18:32 +0200 + -- Vincent Bernat <ber...@debian.org> Fri, 16 Jul 2021 11:18:32 +0200 haproxy (2.2.14-1) UNRELEASED; urgency=medium - * New upstream release. + * New upstream release. - -- Vincent Bernat <ber...@debian.org> Thu, 29 Apr 2021 15:32:49 +0200 + -- Vincent Bernat <ber...@debian.org> Thu, 29 Apr 2021 15:32:49 +0200 haproxy (2.2.13-1) UNRELEASED; urgency=medium - * New upstream release. + * New upstream release. - -- Vincent Bernat <ber...@debian.org> Fri, 02 Apr 2021 21:18:28 +0200 + -- Vincent Bernat <ber...@debian.org> Fri, 02 Apr 2021 21:18:28 +0200 haproxy (2.2.12-1) UNRELEASED; urgency=medium - * New upstream release. + * New upstream release. - -- Vincent Bernat <ber...@debian.org> Wed, 31 Mar 2021 20:31:24 +0200 + -- Vincent Bernat <ber...@debian.org> Wed, 31 Mar 2021 20:31:24 +0200 haproxy (2.2.11-1) UNRELEASED; urgency=medium - * New upstream release. + * New upstream release. - -- Vincent Bernat <ber...@debian.org> Thu, 18 Mar 2021 21:34:40 +0100 + -- Vincent Bernat <ber...@debian.org> Thu, 18 Mar 2021 21:34:40 +0100 haproxy (2.2.10-1) UNRELEASED; urgency=medium - * New upstream release. + * New upstream release. - -- Vincent Bernat <ber...@debian.org> Thu, 04 Mar 2021 19:08:41 +0100 + -- Vincent Bernat <ber...@debian.org> Thu, 04 Mar 2021 19:08:41 +0100 haproxy (2.2.9-2) unstable; urgency=medium - * d/patches: fix agent-check regression putting down servers. - Closes: #988779. + * d/patches: fix agent-check regression putting down servers. + Closes: #988779. - -- Vincent Bernat <ber...@debian.org> Thu, 27 May 2021 15:00:01 +0200 + -- Vincent Bernat <ber...@debian.org> Thu, 27 May 2021 15:00:01 +0200 haproxy (2.2.9-1) unstable; urgency=medium - * New upstream release. - - BUG/MAJOR: connection: reset conn->owner when detaching from session - list + * New upstream release. + - BUG/MAJOR: connection: reset conn->owner when detaching from session + list - -- Vincent Bernat <ber...@debian.org> Sat, 06 Feb 2021 18:52:20 +0100 + -- Vincent Bernat <ber...@debian.org> Sat, 06 Feb 2021 18:52:20 +0100 haproxy (2.2.8-1) unstable; urgency=medium - * New upstream release. - - Revert 'BUG/MINOR: dns: SRV records ignores duplicated AR records' + * New upstream release. + - Revert 'BUG/MINOR: dns: SRV records ignores duplicated AR records' - -- Vincent Bernat <ber...@debian.org> Thu, 14 Jan 2021 11:48:52 +0100 + -- Vincent Bernat <ber...@debian.org> Thu, 14 Jan 2021 11:48:52 +0100 haproxy (2.2.7-1) unstable; urgency=medium - * New upstream release. - - BUG/MAJOR: ring: tcp forward on ring can break the reader counter. - - BUG/MAJOR: spoa/python: Fixing return None + * New upstream release. + - BUG/MAJOR: ring: tcp forward on ring can break the reader counter. + - BUG/MAJOR: spoa/python: Fixing return None - -- Vincent Bernat <ber...@debian.org> Sat, 09 Jan 2021 15:31:08 +0100 + -- Vincent Bernat <ber...@debian.org> Sat, 09 Jan 2021 15:31:08 +0100 haproxy (2.2.6-2) unstable; urgency=medium - * d/tests: sleep before test to let Apache2 start. - Closes: #976997. + * d/tests: sleep before test to let Apache2 start. + Closes: #976997. - -- Vincent Bernat <ber...@debian.org> Thu, 07 Jan 2021 07:56:14 +0100 - - + -- Vincent Bernat <ber...@debian.org> Thu, 07 Jan 2021 07:56:14 +0100 ### Old Ubuntu Delta ### haproxy (2.2.9-2ubuntu2) impish; urgency=medium - * SECURITY UPDATE: duplicate content-length header check bypass in HTX - - d/p/0001-2.0-2.3-BUG-MAJOR*.patch: fix missing header name length - check in htx_add_header/trailer in src/htx.c. - - CVE-2021-40346 + * SECURITY UPDATE: duplicate content-length header check bypass in HTX + - d/p/0001-2.0-2.3-BUG-MAJOR*.patch: fix missing header name length + check in htx_add_header/trailer in src/htx.c. + - CVE-2021-40346 - -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 08 Sep 2021 + -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 08 Sep 2021 08:12:20 -0400 haproxy (2.2.9-2ubuntu1) impish; urgency=medium - * SECURITY UPDATE: Multiple issues in HTTP/2 implementation - - d/p/2.2-0001*.patch: add a new function http_validate_scheme() to - validate a scheme. - - d/p/2.2-0002*.patch: verify early that non-http/https schemes match - the valid syntax. - - d/p/2.2-0003*.patch: verify that :path starts with a / before - concatenating it. - - d/p/2.2-0004*.patch: enforce checks on the method syntax before - translating to HTX. - - d/p/2.2-0005*.patch: give :authority precedence over Host. - - No CVE number + * SECURITY UPDATE: Multiple issues in HTTP/2 implementation + - d/p/2.2-0001*.patch: add a new function http_validate_scheme() to + validate a scheme. + - d/p/2.2-0002*.patch: verify early that non-http/https schemes match + the valid syntax. + - d/p/2.2-0003*.patch: verify that :path starts with a / before + concatenating it. + - d/p/2.2-0004*.patch: enforce checks on the method syntax before + translating to HTX. + - d/p/2.2-0005*.patch: give :authority precedence over Host. + - No CVE number - -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Mon, 16 Aug 2021 + -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Mon, 16 Aug 2021 07:37:53 -0400
** Changed in: haproxy (Ubuntu) Milestone: None => ubuntu-21.12 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946859 Title: Merge haproxy from Debian unstable for 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1946859/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs