CVSROOT: /cvs Module name: ports Changes by: d...@cvs.openbsd.org 2019/01/10 18:09:50
Modified files: devel/quirks : Makefile devel/quirks/files: Quirks.pm net/haproxy : Makefile distinfo Log message: Update to haproxy-1.8.17 Fix CVE-2018-20615: """BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used An incorrect frame length check is performed on HEADERS frame having the PRIORITY flag, possibly resulting in a read-past-bound which can cause a crash depending how the frame is crafted. All 1.9 and 1.8 versions are affected. As a result, all HTTP/2 users must either upgrade or temporarily disable HTTP/2 by commenting the "npn h2" and "alpn h2" statements on their related "bind" lines."""