UbuntuUpdates.org

Package "vim-haproxy"

Name: vim-haproxy

Description:

syntax highlighting for HAProxy configuration files

Latest version: 2.4.30-0ubuntu0.22.04.2
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: haproxy
Homepage: http://www.haproxy.org/

Links


Download "vim-haproxy"


Other versions of "vim-haproxy" in Jammy

Repository Area Version
base universe 2.4.14-1ubuntu1
security universe 2.4.30-0ubuntu0.22.04.2

Changelog

Version: 2.4.30-0ubuntu0.22.04.2 2026-06-22 19:07:42 UTC

  haproxy (2.4.30-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: overflow in FCGI demux record length field
    - debian/patches/CVE-2026-55203.patch: mux-fcgi: fix uint16_t overflow in
      drl += drp in src/mux_fcgi.c.
    - CVE-2026-55203
  * SECURITY UPDATE: NULL dereference in hpack_dht_insert()
    - debian/patches/CVE-2026-55204.patch: hpack-tbl: add missing NULL check
      after hpack_dht_defrag() in src/hpack-tbl.c.
    - CVE-2026-55204

 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2026 11:04:49 -0400

Source diff to previous version
CVE-2026-55203 HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer
CVE-2026-55204 HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that

Version: 2.4.30-0ubuntu0.22.04.1 2026-01-15 20:12:17 UTC

  haproxy (2.4.30-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream version (LP: #2127664)
    - Fix an issue in H2 where 'Z' character was not rejected as expected from
      header field names
    - For further information, see the upstream release notes:
      + https://<email address hidden>/msg46188.html
  * d/p/CVE-2025-11230.patch: drop patch fixed upstream in 2.4.30

 -- Athos Ribeiro <email address hidden> Wed, 03 Dec 2025 13:00:30 -0300

Source diff to previous version
2127664 New HAProxy upstream microreleases 2.4.30, 2.8.16, and 3.0.12
CVE-2025-11230 BUG/CRITICAL: mjson: fix possible DoS when parsing numbers

Version: 2.4.29-0ubuntu0.22.04.1 2025-11-13 22:07:19 UTC

  haproxy (2.4.29-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream version (LP: #2112526)
    - This new version includes several bug fixes.
    - The SSL stack is now always completely initialized.
    - For further information, see the upstream release notes:
      + https://<email address hidden>/msg44427.html
      + https://<email address hidden>/msg44784.html
      + https://<email address hidden>/msg45071.html
      + https://<email address hidden>/msg45416.html
      + https://<email address hidden>/msg45810.html
  * d/p/CVE-2025-32464.patch: drop patch applied upstream

 -- Athos Ribeiro <email address hidden> Fri, 10 Oct 2025 11:50:23 -0300

Source diff to previous version
2112526 Micro release updates for jammy, noble, and plucky
CVE-2025-32464 HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the repl

Version: 2.4.24-0ubuntu0.22.04.3 2025-10-06 21:08:21 UTC

  haproxy (2.4.24-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via MJSON
    - debian/patches/CVE-2025-11230.patch: fix possible DoS when parsing
      numbers in src/mjson.c.
    - CVE-2025-11230

 -- Marc Deslauriers <email address hidden> Wed, 01 Oct 2025 13:26:27 -0400

Source diff to previous version
CVE-2025-11230 BUG/CRITICAL: mjson: fix possible DoS when parsing numbers

Version: 2.4.24-0ubuntu0.22.04.2 2025-04-10 18:06:57 UTC

  haproxy (2.4.24-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: heap overflow in sample_conv_regsub
    - debian/patches/CVE-2025-32464.patch: fix risk of overflow when
      replacing multiple regex back-refs in src/sample.c.
    - CVE-2025-32464

 -- Marc Deslauriers <email address hidden> Wed, 09 Apr 2025 09:09:47 -0400

CVE-2025-32464 HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the repl



About   -   Send Feedback to @ubuntu_updates