Package "vim-haproxy"
Name: vim-haproxy
Description: syntax highlighting for HAProxy configuration files
Latest version: 2.8.16-0ubuntu0.24.04.3
Release: noble (24.04)
Level: updates
Repository: universe
Head package: haproxy
Homepage: http://www.haproxy.org/
Changelog
haproxy (2.8.16-0ubuntu0.24.04.3) noble-security; urgency=medium
* SECURITY UPDATE: overflow in FCGI demux record length field
- debian/patches/CVE-2026-55203.patch: mux-fcgi: fix uint16_t overflow in
drl += drp in src/mux_fcgi.c.
- CVE-2026-55203
* SECURITY UPDATE: NULL dereference in hpack_dht_insert()
- debian/patches/CVE-2026-55204.patch: hpack-tbl: add missing NULL check
after hpack_dht_defrag() in src/hpack-tbl.c.
- CVE-2026-55204
-- Marc Deslauriers <email address hidden> Fri, 19 Jun 2026 11:04:08 -0400
Source diff to previous version
CVE-2026-55203: HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer
CVE-2026-55204: HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that

haproxy (2.8.16-0ubuntu0.24.04.2) noble-security; urgency=medium
* SECURITY UPDATE: HTTP/3 parser request smuggling issue
- debian/patches/CVE-2026-33555.patch: check body size with
content-length on empty FIN in src/h3.c.
- CVE-2026-33555
-- Marc Deslauriers <email address hidden> Wed, 15 Apr 2026 14:04:24 -0400
Source diff to previous version
CVE-2026-33555: An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced conten

haproxy (2.8.16-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version (LP: #2127664)
- The API for the lua HTTPMessage "class" was improved to be able to
change the body length. It was mandatory to be able to write a lua
filter altering the message payload. HTTPMessage:set_body_len() can now
be used for this purpose
- Still in lua, the HTTP client is not supposed to be used to process
several requests but there was nothing to prevent this usage. An error
is now triggered in that case
- For further information, see the upstream release notes:
+ https://<email address hidden>/msg46201.html
* d/p/CVE-2025-11230.patch: drop patch fixed upstream in 2.8.16
-- Athos Ribeiro <email address hidden> Wed, 03 Dec 2025 12:12:24 -0300
Source diff to previous version
2127664: New HAProxy upstream microreleases 2.4.30, 2.8.16, and 3.0.12
CVE-2025-11230: BUG/CRITICAL: mjson: fix possible DoS when parsing numbers

haproxy (2.8.15-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version (LP: #2112526)
- This new release introduces several fixes, including bug fixes for QUIC,
for the SSL stack, and LUA.
- New configuration options were introduced, and a new default value for
the hard limit on the number of file descriptors was introduced. These
are described in the Debian NEWS file.
- For further information, see the upstream release notes:
+ https://<email address hidden>/msg44606.html
+ https://<email address hidden>/msg44632.html
+ https://<email address hidden>/msg44787.html
+ https://<email address hidden>/msg44790.html
+ https://<email address hidden>/msg45060.html
+ https://<email address hidden>/msg45317.html
+ https://<email address hidden>/msg45413.html
+ https://<email address hidden>/msg45486.html
+ https://<email address hidden>/msg45570.html
+ https://<email address hidden>/msg45806.html
* d/NEWS: add NEWS file.
* Dropped patches applied upstream:
- d/p/CVE-2024-53008-1.patch
- d/p/CVE-2024-53008-2.patch
- d/p/CVE-2025-32464.patch
-- Athos Ribeiro <email address hidden> Wed, 08 Oct 2025 10:50:30 -0300
Source diff to previous version
2112526: Micro release updates for jammy, noble, and plucky
CVE-2024-53008: Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remo
CVE-2025-32464: HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the repl

haproxy (2.8.5-1ubuntu3.4) noble-security; urgency=medium
* SECURITY UPDATE: DoS via MJSON
- debian/patches/CVE-2025-11230.patch: fix possible DoS when parsing
numbers in src/mjson.c.
- CVE-2025-11230
-- Marc Deslauriers <email address hidden> Wed, 01 Oct 2025 13:01:09 -0400
CVE-2025-11230: BUG/CRITICAL: mjson: fix possible DoS when parsing numbers