[ubuntu/focal-updates] haproxy 2.0.31-0ubuntu0.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Aug 17 15:28:08 UTC 2023


haproxy (2.0.31-0ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty content-length header
    - debian/patches/CVE-2023-40225-1.patch: add a proper check for empty
      content-length header buffer in src/h1.c and src/h2.c. Also add
      tests for it in reg-tests/http-messaging/h1_to_h1.vtc and
      reg-tests/http-messaging/h2_to_h1.vtc.
    - debian/patches/CVE-2023-40225-2.patch: add a check for leading zero
      in content-length header buffer in src/h1.c and src/h2.c. Also add
      tests in reg-tests/http-rules/h1or2_to_h1c.vtc.
    - CVE-2023-40225

Date: 2023-08-16 22:34:13.483795+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/haproxy/2.0.31-0ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list