This bug was fixed in the package haproxy - 3.2.9-1ubuntu1
---------------
haproxy (3.2.9-1ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2125994). Remaining changes:
- d/{control,rules}: Remove support for OpenTracing due to it being
in universe
* Dropped changes:
- SECURITY UPDATE: DoS via MJSON
+ d/p/CVE-2025-11230.patch: fix possible DoS when parsing numbers
in src/mjson.c.
+ CVE-2025-11230
[ Fixed in 3.2.6 ]
-- Athos Ribeiro <[email protected]> Mon, 24 Nov 2025 17:49:17 -0300
** Changed in: haproxy (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-11230
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2125994
Title:
Merge haproxy 3.2.5 from Debian Unstable for r-series
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/2125994/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
