UbuntuUpdates.org

Package "vim-haproxy"

Name: vim-haproxy

Description:

syntax highlighting for HAProxy configuration files

Latest version: 2.8.16-0ubuntu0.24.04.3
Release: noble (24.04)
Level: updates
Repository: universe
Head package: haproxy
Homepage: http://www.haproxy.org/


Other versions of "vim-haproxy" in Noble

Repository  Area      Version
base        universe  2.8.5-1ubuntu3
security    universe  2.8.16-0ubuntu0.24.04.3

Changelog

Version: 2.8.16-0ubuntu0.24.04.3 2026-06-22 19:07:46 UTC

  haproxy (2.8.16-0ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: overflow in FCGI demux record length field
    - debian/patches/CVE-2026-55203.patch: mux-fcgi: fix uint16_t overflow in
      drl += drp in src/mux_fcgi.c.
    - CVE-2026-55203
  * SECURITY UPDATE: NULL dereference in hpack_dht_insert()
    - debian/patches/CVE-2026-55204.patch: hpack-tbl: add missing NULL check
      after hpack_dht_defrag() in src/hpack-tbl.c.
    - CVE-2026-55204

 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2026 11:04:08 -0400

Source diff to previous version
CVE-2026-55203 HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer
CVE-2026-55204 HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that

Version: 2.8.16-0ubuntu0.24.04.2 2026-04-27 14:11:10 UTC

  haproxy (2.8.16-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: HTTP/3 parser request smuggling issue
    - debian/patches/CVE-2026-33555.patch: check body size with
      content-length on empty FIN in src/h3.c.
    - CVE-2026-33555

 -- Marc Deslauriers <email address hidden> Wed, 15 Apr 2026 14:04:24 -0400

Source diff to previous version
CVE-2026-33555 An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced conten

Version: 2.8.16-0ubuntu0.24.04.1 2026-01-15 20:12:23 UTC

  haproxy (2.8.16-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version (LP: #2127664)
    - The API for the lua HTTPMessage "class" was improved to be able to
      change the body length. It was mandatory to be able to write a lua
      filter altering the message payload. HTTPMessage:set_body_len() can now
      be used for this purpose
    - Still in lua, the HTTP client is not supposed to be used to process
      several requests but there was nothing to prevent this usage. An error
      is now triggered in that case
    - For further information, see the upstream release notes:
      + https://<email address hidden>/msg46201.html
  * d/p/CVE-2025-11230.patch: drop patch fixed upstream in 2.8.16

 -- Athos Ribeiro <email address hidden> Wed, 03 Dec 2025 12:12:24 -0300

Source diff to previous version
2127664 New HAProxy upstream microreleases 2.4.30, 2.8.16, and 3.0.12
CVE-2025-11230 BUG/CRITICAL: mjson: fix possible DoS when parsing numbers

Version: 2.8.15-0ubuntu0.24.04.1 2025-11-13 22:07:22 UTC

  haproxy (2.8.15-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream version (LP: #2112526)
    - This new release introduces several fixes, including bug fixes for QUIC,
      for the SSL stack, and LUA.
    - New configuration options were introduced, and a new default value for
      the hard limit on the number of file descriptors was introduced. These
      are described in the Debian NEWS file.
    - For further information, see the upstream release notes:
      + https://<email address hidden>/msg44606.html
      + https://<email address hidden>/msg44632.html
      + https://<email address hidden>/msg44787.html
      + https://<email address hidden>/msg44790.html
      + https://<email address hidden>/msg45060.html
      + https://<email address hidden>/msg45317.html
      + https://<email address hidden>/msg45413.html
      + https://<email address hidden>/msg45486.html
      + https://<email address hidden>/msg45570.html
      + https://<email address hidden>/msg45806.html
  * d/NEWS: add NEWS file.
  * Dropped patches applied upstream:
    - d/p/CVE-2024-53008-1.patch
    - d/p/CVE-2024-53008-2.patch
    - d/p/CVE-2025-32464.patch

 -- Athos Ribeiro <email address hidden> Wed, 08 Oct 2025 10:50:30 -0300

Source diff to previous version
2112526 Micro release updates for jammy, noble, and plucky
CVE-2024-53008 Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remo
CVE-2025-32464 HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the repl

Version: 2.8.5-1ubuntu3.4 2025-10-06 21:08:25 UTC

  haproxy (2.8.5-1ubuntu3.4) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via MJSON
    - debian/patches/CVE-2025-11230.patch: fix possible DoS when parsing
      numbers in src/mjson.c.
    - CVE-2025-11230

 -- Marc Deslauriers <email address hidden> Wed, 01 Oct 2025 13:01:09 -0400

CVE-2025-11230 BUG/CRITICAL: mjson: fix possible DoS when parsing numbers


