Your message dated Fri, 26 Jun 2026 19:05:26 +0000
with message-id <[email protected]>
and subject line Bug#1140430: fixed in haproxy 3.2.20-1
has caused the Debian Bug report #1140430,
regarding haproxy: CVE-2026-55203 CVE-2026-55204
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1140430: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140430
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: haproxy
Version: 3.2.19-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerabilities were published for haproxy.
They do not warrant a DSA, but could be fixed in the next point
releases.
CVE-2026-55203[0]:
| HAProxy through 3.4.0, fixed in commit 5985276, contains an integer
| overflow vulnerability in the fcgi_conn structure's drl field that
| allows buffer misparse as new FCGI record headers. When
| contentLength is 65535 and paddingLength is 1 or more, the drl field
| wraps to 0, causing incorrect record consumption and allowing
| malicious FastCGI backends to desynchronize the FCGI framing parser,
| potentially causing request routing errors, response smuggling, or
| memory safety issues.
CVE-2026-55204[1]:
| HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null
| pointer dereference vulnerability in hpack_dht_insert() within
| src/hpack-tbl.c that fails to validate the return value of
| hpack_dht_defrag() when the memory pool is exhausted. An attacker
| can trigger HPACK dynamic table insertions under memory pressure to
| dereference a NULL pointer and crash HAProxy worker processes,
| causing denial of service.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-55203
https://www.cve.org/CVERecord?id=CVE-2026-55203
https://github.com/haproxy/haproxy/commit/5985276735777634d8c85f1d73bb7764aab0d6dd
[1] https://security-tracker.debian.org/tracker/CVE-2026-55204
https://www.cve.org/CVERecord?id=CVE-2026-55204
https://github.com/haproxy/haproxy/commit/9a6d1fe3f00d86ab4ea6ea6ea0a5d48fc058a513
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: haproxy
Source-Version: 3.2.20-1
Done: Vincent Bernat <[email protected]>
We believe that the bug you reported is fixed in the latest version of
haproxy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vincent Bernat <[email protected]> (supplier of updated haproxy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jun 2026 20:37:40 +0200
Source: haproxy
Architecture: source
Version: 3.2.20-1
Distribution: unstable
Urgency: medium
Maintainer: Debian HAProxy Maintainers <[email protected]>
Changed-By: Vincent Bernat <[email protected]>
Closes: 1140430
Changes:
haproxy (3.2.20-1) unstable; urgency=medium
.
* New upstream release.
* Closes: #1140430:
- CVE-2026-55203: integer overflow when parsing FCGI header.
- CVE-2026-55204: add missing NULL check in HTTP/2 header compression.
Checksums-Sha1:
bc1f662d5fc02ea6f1bb2074322ae1d0398ff994 2438 haproxy_3.2.20-1.dsc
0d928329f0dcaf17c73a6264f73fe008065b97e8 5158781 haproxy_3.2.20.orig.tar.gz
a13cc1d01d07e46d0fa0c5cc15959a9aadcb1306 85000 haproxy_3.2.20-1.debian.tar.xz
754c8ec0fd29bec1451322fe2b6d2242fa15b774 9853 haproxy_3.2.20-1_amd64.buildinfo
Checksums-Sha256:
75b90757a81be88122c2db8ab5050443fb1662bafc4395a87acbbd445f88798d 2438
haproxy_3.2.20-1.dsc
8eef76e3d3f731ae6d9bf57594c52f29c38c9be7987c5b46a96a13bad1a88666 5158781
haproxy_3.2.20.orig.tar.gz
c0ebaecca28f04725f527b2e0c06401ba0707a52904a81206adb20eb210e2342 85000
haproxy_3.2.20-1.debian.tar.xz
8646cd15c214eb9de92f32bdf582482bb91bbd4b20ef992124d425ee05b66da6 9853
haproxy_3.2.20-1_amd64.buildinfo
Files:
7cd26d2568e295536102a7b64e796231 2438 net optional haproxy_3.2.20-1.dsc
f39309cc9fbdcaae7c870274792fb3ce 5158781 net optional
haproxy_3.2.20.orig.tar.gz
d2c5e8d693ee1e62646ace7c3e968db3 85000 net optional
haproxy_3.2.20-1.debian.tar.xz
a7b06851d01994505ce12a6564467091 9853 net optional
haproxy_3.2.20-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEErvI0h2bzccaJpzYAlaQv6DU1JfkFAmo+x6YSHGJlcm5hdEBk
ZWJpYW4ub3JnAAoJEJWkL+g1NSX5jXsQAIKSGnRSHVxnNT2G4D+cQr76E0ZK7WOi
KdgXOVQ17E0XWOPTjOOZW+JIWpc9RnniLYXIAcTp3483YkaTbKXE7KK9AU4eB1uQ
qAtvQ19D+5ITM0NS8a80cGqM/vvvaj/d4D9og8cFmXE/VwKYD5R+00MSPeo8RBTz
W17zjPvWtlm0oZ+tBSqphCZHbIr3Ybna5JCtsBGrtBQs6quPbQzHe/Ku9G/aDAu7
odxnDQrnVhYBmqoCqc80yV323/QfC5/g74bdp8GLc8+siOe0unHc9fr5bBZzBjma
cGDzr62Zhr7PXTLTL96+W2aJ+bpjTAS0JpfkdrB0MYK3ymbsVrecO/IuGcxdB2ts
vEBWtiNu5uG30FssLKy1bhismVi6TXIgTUvoTGSMRVGggm5s6HuITuwmuvbgjEsp
bFF4b+BwVsBuFntV6O+d70Hy1c2LXCeLlrMw4EZeBt85i5PZljJAij6p4IKQiPKb
UIixXlzS/EmNPPBXIxsC9Jun0Xss3RPA+YIujNDZCvIiprLfgCdGE8iXSWT+KMvK
2jRadPfu+WxAkCRcwBuxlh7sDMCPdEcMGj7UXcIQQEh/XQKZCyxP6Rf2NuBoiuOx
k2N710u/KD+kkElmWR0lTkbwg/pGH08LSaos54oAal4gnSloDM6nx3hMsPHoxOlb
Tizgbmo9sEbw
=nG2O
-----END PGP SIGNATURE-----
pgp23AQ1UhuLL.pgp
Description: PGP signature
--- End Message ---