UbuntuUpdates.org

Package "vim-haproxy"

Name: vim-haproxy

Description:

syntax highlighting for HAProxy configuration files

Latest version: 2.4.30-0ubuntu0.22.04.2
Release: jammy (22.04)
Level: security
Repository: universe
Head package: haproxy
Homepage: http://www.haproxy.org/

Links


Download "vim-haproxy"


Other versions of "vim-haproxy" in Jammy

Repository Area Version
base universe 2.4.14-1ubuntu1
updates universe 2.4.30-0ubuntu0.22.04.2

Changelog

Version: 2.4.30-0ubuntu0.22.04.2 2026-06-22 16:07:42 UTC

  haproxy (2.4.30-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: overflow in FCGI demux record length field
    - debian/patches/CVE-2026-55203.patch: mux-fcgi: fix uint16_t overflow in
      drl += drp in src/mux_fcgi.c.
    - CVE-2026-55203
  * SECURITY UPDATE: NULL dereference in hpack_dht_insert()
    - debian/patches/CVE-2026-55204.patch: hpack-tbl: add missing NULL check
      after hpack_dht_defrag() in src/hpack-tbl.c.
    - CVE-2026-55204

 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2026 11:04:49 -0400

Source diff to previous version
CVE-2026-55203 HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer
CVE-2026-55204 HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that

Version: 2.4.24-0ubuntu0.22.04.3 2025-10-06 19:07:37 UTC

  haproxy (2.4.24-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via MJSON
    - debian/patches/CVE-2025-11230.patch: fix possible DoS when parsing
      numbers in src/mjson.c.
    - CVE-2025-11230

 -- Marc Deslauriers <email address hidden> Wed, 01 Oct 2025 13:26:27 -0400

Source diff to previous version
CVE-2025-11230 BUG/CRITICAL: mjson: fix possible DoS when parsing numbers

Version: 2.4.24-0ubuntu0.22.04.2 2025-04-10 16:06:54 UTC

  haproxy (2.4.24-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: heap overflow in sample_conv_regsub
    - debian/patches/CVE-2025-32464.patch: fix risk of overflow when
      replacing multiple regex back-refs in src/sample.c.
    - CVE-2025-32464

 -- Marc Deslauriers <email address hidden> Wed, 09 Apr 2025 09:09:47 -0400

Source diff to previous version
CVE-2025-32464 HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the repl

Version: 2.4.22-0ubuntu0.22.04.3 2023-12-05 15:06:59 UTC

  haproxy (2.4.22-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: info disclosure or end_rule issue via hash character
    - debian/patches/CVE-2023-45539.patch: do not accept '#' as part of the
      URI component in src/h1.c.
    - CVE-2023-45539

 -- Marc Deslauriers <email address hidden> Mon, 04 Dec 2023 13:00:27 -0500

Source diff to previous version
CVE-2023-45539 HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified o

Version: 2.4.22-0ubuntu0.22.04.2 2023-08-16 15:07:00 UTC

  haproxy (2.4.22-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: incorrect handling of empty content-length header
    - debian/patches/CVE-2023-40225-1.patch: add a proper check for empty
      content-length header buffer in src/h1.c and src/h2.c. Also add
      tests for it in reg-tests/http-messaging/h1_to_h1.vtc and
      reg-tests/http-messaging/h2_to_h1.vtc.
    - debian/patches/CVE-2023-40225-2.patch: add a check for leading zero
      in content-length header buffer in src/h1.c and src/h2.c. Also add
      tests in reg-tests/http-rules/h1or2_to_h1c.vtc.
    - CVE-2023-40225

 -- Rodrigo Figueiredo Zaiden <email address hidden> Mon, 14 Aug 2023 20:00:52 -0300

CVE-2023-40225 HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x



About   -   Send Feedback to @ubuntu_updates