Your message dated Fri, 26 Jun 2026 18:49:20 +0000
with message-id <[email protected]>
and subject line Bug#1140430: fixed in haproxy 3.4.1-1
has caused the Debian Bug report #1140430,
regarding haproxy: CVE-2026-55203 CVE-2026-55204
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1140430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140430
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: haproxy
Version: 3.2.19-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for haproxy.

They do not warrant a DSA, but could be fixed in the next point
releases.

CVE-2026-55203[0]:
| HAProxy through 3.4.0, fixed in commit 5985276, contains an integer
| overflow vulnerability in the fcgi_conn structure's drl field that
| allows buffer misparse as new FCGI record headers. When
| contentLength is 65535 and paddingLength is 1 or more, the drl field
| wraps to 0, causing incorrect record consumption and allowing
| malicious FastCGI backends to desynchronize the FCGI framing parser,
| potentially causing request routing errors, response smuggling, or
| memory safety issues.


CVE-2026-55204[1]:
| HAProxy through  3.4.0, fixed in commit 9a6d1fe, contains a null
| pointer dereference vulnerability in hpack_dht_insert() within
| src/hpack-tbl.c that fails to validate the return value of
| hpack_dht_defrag() when the memory pool is exhausted. An attacker
| can trigger HPACK dynamic table insertions under memory pressure to
| dereference a NULL pointer and crash HAProxy worker processes,
| causing denial of service.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-55203
    https://www.cve.org/CVERecord?id=CVE-2026-55203
    
https://github.com/haproxy/haproxy/commit/5985276735777634d8c85f1d73bb7764aab0d6dd
[1] https://security-tracker.debian.org/tracker/CVE-2026-55204
    https://www.cve.org/CVERecord?id=CVE-2026-55204
    
https://github.com/haproxy/haproxy/commit/9a6d1fe3f00d86ab4ea6ea6ea0a5d48fc058a513

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: haproxy
Source-Version: 3.4.1-1
Done: Vincent Bernat <[email protected]>

We believe that the bug you reported is fixed in the latest version of
haproxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vincent Bernat <[email protected]> (supplier of updated haproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jun 2026 20:22:47 +0200
Source: haproxy
Architecture: source
Version: 3.4.1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian HAProxy Maintainers <[email protected]>
Changed-By: Vincent Bernat <[email protected]>
Closes: 1140430
Changes:
 haproxy (3.4.1-1) experimental; urgency=medium
 .
   * New upstream release.
   * Closes: #1140430:
     - CVE-2026-55203: integer overflow when parsing FCGI header.
     - CVE-2026-55204: add missing NULL check in HTTP/2 header compression.
Checksums-Sha1:
 c9c228f423ed9c896ea3b4eae17a96cf1af42f6f 2460 haproxy_3.4.1-1.dsc
 bc03e0ba2af05c5e9e9b6ede1b6f0e4cbf16c834 5472617 haproxy_3.4.1.orig.tar.gz
 82ec95e2ae9ad996dba37d5a8d436a0f890bbdfa 84992 haproxy_3.4.1-1.debian.tar.xz
 6ee6372c8efbf5e779c565a93708be9a08af7db4 9836 haproxy_3.4.1-1_amd64.buildinfo
Checksums-Sha256:
 16ffb7a4af8b9b5a7287919e9597cd60a5ef7941515a037e506317c3aea6ce39 2460 
haproxy_3.4.1-1.dsc
 2e62c4ce4fd77d3bc7cf17e586431663454456a078b7c8465b8f0125b5bc22f8 5472617 
haproxy_3.4.1.orig.tar.gz
 2449bb4f45e0482d72b3a4b32c509e0d0d1df3abfcacb2090a5ff7a1fa49b569 84992 
haproxy_3.4.1-1.debian.tar.xz
 dd88cd4d2a9b270a0dceef7af8b1f4067abf6befdccc6fe9896d018e4001ecea 9836 
haproxy_3.4.1-1_amd64.buildinfo
Files:
 afe7a8e4877ab56ce59e12a83c578561 2460 net optional haproxy_3.4.1-1.dsc
 1ebdffce18a57bb4414836a8ed072251 5472617 net optional haproxy_3.4.1.orig.tar.gz
 524f3f66aa6bc7d2c16f603ef5e7867a 84992 net optional 
haproxy_3.4.1-1.debian.tar.xz
 11af5fff7b077d7838b5832335e79530 9836 net optional 
haproxy_3.4.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEErvI0h2bzccaJpzYAlaQv6DU1JfkFAmo+xJsSHGJlcm5hdEBk
ZWJpYW4ub3JnAAoJEJWkL+g1NSX5gx4P/2tCj8V8zgYaieS9jq2tlssiLQ1Jbpig
2bVfzvWAfeyuaTRiYC90XtYSX7FSbAM6uXku0kKkMZo5ft5pqiKIUSGfkfjklRps
EqPabkojNSQbsuL8BuQeBn62m2k7JK5uv4iB065ehr6VSTkmPVGpr1vKyU0iRIKe
yco41UVj6BDjx+/QvGubGPn+kqAnwxNyy3kDSE/X2vEqtqcfTPGXDJBfPDbAS0BI
sJ0Ic2pXHAreDab76wm4aVu4zwQzZT05vxi/eCV7p3iZwIWsEtgY8aOF41rijdJY
P8PSVt83I8RGZEfdENMSxH/uWu9RFMF7sOPAl6nxG4OAqAG6kcmPSwbBhm8AFcex
CvGt01FrPW7fiNatQKEZB1ZKAZp6fjaTdUmXtSj8MBBPVjxQHsVVLWDQEls8YbCQ
AIZaYVZTPiFTox1RbwxWi+Jr2trKuUYlX5dm+/NoJXGY/ctWWQBjh7g4fElJ387d
Wnm5f9+Ihrjy/rp7fxNddABh7NdZBvle9hVBmO8hygieRBK4/x5glClCUa3jdDot
FejEO+D8/5+w6R9+C0BsS2Cs61dor5EFE7HaWOhMKGq0geYFH1VhTeo1MX4pGbIg
UNuWj0g5OePGMZ2WyoCRCXWHiWW55/DE2kwfqzbHL6/LfpvMKYToxEOcdXAg6bwq
22Tp7FTHxMEi
=MzPp
-----END PGP SIGNATURE-----

Attachment: pgpDSVOJ9aJdZ.pgp
Description: PGP signature


--- End Message ---

Reply via email to