-
haproxy (1.8.8-1ubuntu0.13) bionic-security; urgency=medium
* SECURITY UPDATE: incorrect handling of empty http header field names
- debian/patches/CVE-2023-25725.patch: properly reject empty http
header field names in src/h1.c, src/hpack-dec.c,
include/common/hpack-tbl.h.
- CVE-2023-25725
-- Marc Deslauriers <email address hidden> Mon, 13 Feb 2023 07:59:11 -0500
-
haproxy (1.8.8-1ubuntu0.11) bionic; urgency=medium
* Avoid crashes on idle connections between http requests (LP: #1884149)
-- Christian Ehrhardt <email address hidden> Mon, 22 Jun 2020 10:41:43 +0200
-
haproxy (1.8.8-1ubuntu0.10) bionic-security; urgency=medium
* SECURITY UPDATE: Arbitrary memory write
- debian/patches/CVE-2020-11100.patch: make sure the headroom is
considered only when the buffer does not wrap in src/hpack-tbl.c.
- CVE-2020-11100
-- <email address hidden> (Leonidas S. Barbosa) Fri, 03 Apr 2020 16:33:07 -0300
-
haproxy (1.8.8-1ubuntu0.9) bionic-security; urgency=medium
* SECURITY UPDATE: Intermediary Encapsulation attacks
- debian/patches/CVE-2019-19330-*.patch: reject header values containing
invalid chars and make header field name filtering stronger in
src/h2.c, include/common/ist.h, include/common/h2.h.
- CVE-2019-19330
-- <email address hidden> (Leonidas S. Barbosa) Mon, 02 Dec 2019 12:38:31 -0300
-
haproxy (1.8.8-1ubuntu0.8) bionic; urgency=medium
* d/p/lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch:
fix potential hang in haproxy (LP: #1848902)
-- Christian Ehrhardt <email address hidden> Tue, 12 Nov 2019 13:16:22 +0100
-
haproxy (1.8.8-1ubuntu0.7) bionic-security; urgency=medium
* SECURITY UPDATE: Messages with transfer-encoding header missing "chunked"
value were not being correctly rejected
- debian/patches/CVE-2019-18277.patch: also reject messages where
"chunked" is missing from transfer-encoding in
src/proto_http.c.
- CVE-2019-18277
-- <email address hidden> (Leonidas S. Barbosa) Mon, 04 Nov 2019 11:03:13 -0300
-
haproxy (1.8.8-1ubuntu0.6) bionic; urgency=medium
* Fix issues around dh_params when building against openssl 1.1.1
to avoid regressing the minimal key size (LP: 1841936)
- d/p/lp-1841936-BUG-MEDIUM-ssl-tune.ssl.default-dh-param-value-ignor.patch
- d/p/lp-1841936-CLEANUP-ssl-make-ssl_sock_load_dh_params-handle-errc.patch
-- Christian Ehrhardt <email address hidden> Wed, 23 Oct 2019 11:37:53 +0200
-
haproxy (1.8.8-1ubuntu0.5) bionic; urgency=medium
* no change rebuild to pick up openssl 1.1.1 and via that
TLSv1.3 (LP: #1841936)
-- Christian Ehrhardt <email address hidden> Tue, 03 Sep 2019 12:14:43 +0200
-
haproxy (1.8.8-1ubuntu0.4) bionic; urgency=medium
* d/p/stksess-align.patch: Make sure stksess is properly aligned.
(LP: #1804069)
* d/t/control, d/t/proxy-localhost: simple DEP8 test to actually
generate traffic through haproxy.
-- Andreas Hasenack <email address hidden> Thu, 24 Jan 2019 10:20:49 -0200
-
haproxy (1.8.8-1ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2018-20102.patch: check the bounds
in src/dns.c.
- CVE-2018-20102
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20103.patch: fix in
src/dns.c.
- CVE-2018-20103
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20615.patch: fix in
src/mux_h2.c.
- CVE-2018-20615
-- <email address hidden> (Leonidas S. Barbosa) Fri, 11 Jan 2019 11:06:19 -0300
-
haproxy (1.8.8-1ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-14645.patch: fix in include/common/hpack-tbl.h,
src/hpack-dec.c, src/hpack-tbl.c.
- CVE-2018-14645
-- <email address hidden> (Leonidas S. Barbosa) Tue, 02 Oct 2018 08:32:44 -0300
-
haproxy (1.8.8-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Information disclosure
- debian/patches/CVE-2018-11469.patch: fix in src/proto_http.c and
adds some config notes.
- CVE-2018-11469
-- <email address hidden> (Leonidas S. Barbosa) Tue, 29 May 2018 16:29:29 -0300
-
haproxy (1.8.8-1) unstable; urgency=high
* New upstream version.
- BUG/CRITICAL: h2: fix incorrect frame length check
-- Vincent Bernat <email address hidden> Thu, 19 Apr 2018 17:51:55 +0200
-
haproxy (1.8.7-1) unstable; urgency=medium
* New upstream version.
- BUG/MAJOR: cache: always initialize newly created objects
* d/control: switch maintainer address to tracker.debian.org.
-- Vincent Bernat <email address hidden> Sat, 07 Apr 2018 07:58:34 +0200
-
haproxy (1.8.4-1) experimental; urgency=medium
* New upstream stable release.
* d/patches: document why dconv patch is not in series.
* d/docs: ship NOTICE file in haproxy-doc.
-- Vincent Bernat <email address hidden> Sat, 10 Feb 2018 08:43:36 +0100
-
haproxy (1.7.9-1ubuntu2) bionic; urgency=high
* No change rebuild against openssl1.1.
-- Dimitri John Ledkov <email address hidden> Mon, 05 Feb 2018 16:49:35 +0000
-
haproxy (1.7.9-1ubuntu1) artful; urgency=medium
* Backport of -x option from upstream haproxy to enable seamless
reloading of haproxy without dropping connections. This is enabled
by adding
" stats socket <stats file> expose-fd listeners
stats bind-process 1 "
to the global section of your haproxy config, and
setting HAPROXY_STATS_SOCKET in the haproxy.service unit file.
(LP: #1712925)
-- Dave Chiluk <email address hidden> Thu, 14 Sep 2017 12:32:36 -0500