[ubuntu/lunar-security] haproxy 2.6.9-1ubuntu1.1 (Accepted)
Rodrigo Figueiredo Zaiden
rodrigo.zaiden at canonical.com
Wed Aug 16 13:53:42 UTC 2023
haproxy (2.6.9-1ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: incorrect handling of empty content-length header
- debian/patches/CVE-2023-40225-1.patch: add a proper check for empty
content-length header buffer in src/h1.c and src/http.c. Also add
tests for it in reg-tests/http-messaging/h1_to_h1.vtc and
reg-tests/http-messaging/h2_to_h1.vtc.
- debian/patches/CVE-2023-40225-2.patch: add a check for leading zero
in content-length header buffer in src/h1.c and src/http.c. Also add
tests in reg-tests/http-rules/h1or2_to_h1c.vtc.
- CVE-2023-40225
Date: 2023-08-15 19:06:13.160443+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
https://launchpad.net/ubuntu/+source/haproxy/2.6.9-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list