Public bug reported: Scheduled-For: 22.12 Upstream: tbd Debian: 2.2.17-1 2.4.7-1 Ubuntu: 2.2.9-2ubuntu2
Debian new has 2.4.7-1 ### New Debian Changes ### haproxy (2.2.17-1) unstable; urgency=medium * New upstream release. * d/patches: remove upstream-applied patch. -- Vincent Bernat <[email protected]> Thu, 09 Sep 2021 19:42:08 +0200 haproxy (2.2.16-3) unstable; urgency=high * d/patches: fix missing header name length check in HTX (CVE-2021-40346). -- Vincent Bernat <[email protected]> Sat, 04 Sep 2021 16:14:51 +0200 haproxy (2.2.16-2) unstable; urgency=medium * d/patches: h2: match absolute-path not path-absolute for :path -- Vincent Bernat <[email protected]> Sat, 21 Aug 2021 16:19:52 +0200 haproxy (2.2.16-1) unstable; urgency=high * New upstream release. * Fix CVE-2021-39240, CVE-2021-39241, CVE-2021-39242. * d/patches: remove upstream-applied patch. -- Vincent Bernat <[email protected]> Thu, 19 Aug 2021 07:22:05 +0200 haproxy (2.2.15-1) UNRELEASED; urgency=medium * New upstream release. -- Vincent Bernat <[email protected]> Fri, 16 Jul 2021 11:18:32 +0200 haproxy (2.2.14-1) UNRELEASED; urgency=medium * New upstream release. -- Vincent Bernat <[email protected]> Thu, 29 Apr 2021 15:32:49 +0200 haproxy (2.2.13-1) UNRELEASED; urgency=medium * New upstream release. -- Vincent Bernat <[email protected]> Fri, 02 Apr 2021 21:18:28 +0200 haproxy (2.2.12-1) UNRELEASED; urgency=medium * New upstream release. -- Vincent Bernat <[email protected]> Wed, 31 Mar 2021 20:31:24 +0200 haproxy (2.2.11-1) UNRELEASED; urgency=medium * New upstream release. -- Vincent Bernat <[email protected]> Thu, 18 Mar 2021 21:34:40 +0100 haproxy (2.2.10-1) UNRELEASED; urgency=medium * New upstream release. -- Vincent Bernat <[email protected]> Thu, 04 Mar 2021 19:08:41 +0100 haproxy (2.2.9-2) unstable; urgency=medium * d/patches: fix agent-check regression putting down servers. Closes: #988779. -- Vincent Bernat <[email protected]> Thu, 27 May 2021 15:00:01 +0200 haproxy (2.2.9-1) unstable; urgency=medium * New upstream release. - BUG/MAJOR: connection: reset conn->owner when detaching from session list -- Vincent Bernat <[email protected]> Sat, 06 Feb 2021 18:52:20 +0100 haproxy (2.2.8-1) unstable; urgency=medium * New upstream release. - Revert 'BUG/MINOR: dns: SRV records ignores duplicated AR records' -- Vincent Bernat <[email protected]> Thu, 14 Jan 2021 11:48:52 +0100 haproxy (2.2.7-1) unstable; urgency=medium * New upstream release. - BUG/MAJOR: ring: tcp forward on ring can break the reader counter. - BUG/MAJOR: spoa/python: Fixing return None -- Vincent Bernat <[email protected]> Sat, 09 Jan 2021 15:31:08 +0100 haproxy (2.2.6-2) unstable; urgency=medium * d/tests: sleep before test to let Apache2 start. Closes: #976997. -- Vincent Bernat <[email protected]> Thu, 07 Jan 2021 07:56:14 +0100 ### Old Ubuntu Delta ### haproxy (2.2.9-2ubuntu2) impish; urgency=medium * SECURITY UPDATE: duplicate content-length header check bypass in HTX - d/p/0001-2.0-2.3-BUG-MAJOR*.patch: fix missing header name length check in htx_add_header/trailer in src/htx.c. - CVE-2021-40346 -- Marc Deslauriers <[email protected]> Wed, 08 Sep 2021 08:12:20 -0400 haproxy (2.2.9-2ubuntu1) impish; urgency=medium * SECURITY UPDATE: Multiple issues in HTTP/2 implementation - d/p/2.2-0001*.patch: add a new function http_validate_scheme() to validate a scheme. - d/p/2.2-0002*.patch: verify early that non-http/https schemes match the valid syntax. - d/p/2.2-0003*.patch: verify that :path starts with a / before concatenating it. - d/p/2.2-0004*.patch: enforce checks on the method syntax before translating to HTX. - d/p/2.2-0005*.patch: give :authority precedence over Host. - No CVE number -- Marc Deslauriers <[email protected]> Mon, 16 Aug 2021 07:37:53 -0400 ** Affects: haproxy (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1946859 Title: Merge haproxy from Debian unstable for 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1946859/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
