Hi guys,
I need your help. Recently I found an issue, CVE-2019-11323. It is already fixed in 1.9.7, but it looks like all other haproxy branches are affected by this issue according to the following link.

https://www.cvedetails.com/cve/CVE-2019-11323/

CVE-2019-11323 : HAProxy before 1.9.7 mishandles a reload with rotated keys, which triggers use of uninitialized, and very predictable, HMAC keys. This is related to an include/types/ssl_sock.h error.

Unfortunately I'm using haproxy 1.7.11, and I don't want to upgrade to 1.9 right now. So I checked the haproxy 1.7 releases: no new version, just 1.7.11. Then I checked the code fix in the 1.9 branch and compared it with the 1.7 branch.

https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=8ef706502aa2000531d36e4ac56dbdc7c30f718d;hp=646b7741bc683d6c6b43342369afcbba33d7b6ec

I couldn't find the same code in the 1.7 branch; it looks like this issue just existed in the 1.9 branch. I don't understand why this issue affected all branches on the cvedetails site. Can somebody help confirm this: CVE-2019-11323 didn't affect the 1.7 branch, is that right?

Thanks,
John

