UbuntuUpdates.org

Package "vim-haproxy"

Name: vim-haproxy

Description:

syntax highlighting for HAProxy configuration files

Latest version: 3.0.12-0ubuntu0.25.10.5
Release: questing (25.10)
Level: security
Repository: universe
Head package: haproxy
Homepage: http://www.haproxy.org/

Links


Download "vim-haproxy"


Other versions of "vim-haproxy" in Questing

Repository Area Version
base universe 3.0.10-1ubuntu3
updates universe 3.0.12-0ubuntu0.25.10.5

Changelog

Version: 3.0.12-0ubuntu0.25.10.5 2026-06-22 19:07:51 UTC

  haproxy (3.0.12-0ubuntu0.25.10.5) questing-security; urgency=medium

  * SECURITY UPDATE: overflow in FCGI demux record length field
    - debian/patches/CVE-2026-55203.patch: mux-fcgi: fix uint16_t overflow in
      drl += drp in src/mux_fcgi.c.
    - CVE-2026-55203
  * SECURITY UPDATE: NULL dereference in hpack_dht_insert()
    - debian/patches/CVE-2026-55204.patch: hpack-tbl: add missing NULL check
      after hpack_dht_defrag() in src/hpack-tbl.c.
    - CVE-2026-55204

 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2026 11:03:40 -0400

Source diff to previous version
CVE-2026-55203 HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer
CVE-2026-55204 HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that

Version: 3.0.12-0ubuntu0.25.10.4 2026-04-27 13:11:06 UTC

  haproxy (3.0.12-0ubuntu0.25.10.4) questing-security; urgency=medium

  * SECURITY UPDATE: HTTP/3 parser request smuggling issue
    - debian/patches/CVE-2026-33555.patch: check body size with
      content-length on empty FIN in src/h3.c.
    - CVE-2026-33555

 -- Marc Deslauriers <email address hidden> Wed, 15 Apr 2026 14:02:22 -0400

Source diff to previous version
CVE-2026-33555 An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced conten

Version: 3.0.12-0ubuntu0.25.10.3 2026-02-12 20:07:59 UTC

  haproxy (3.0.12-0ubuntu0.25.10.3) questing-security; urgency=medium

  * SECURITY UPDATE: crash via INITIAL packet for the NEW_TOKEN format
    - debian/patches/quic-reject-invalid-token.patch: reject invalid token
      in src/quic_token.c.
    - CVE-2026-26081

 -- Marc Deslauriers <email address hidden> Tue, 10 Feb 2026 07:50:15 -0500

CVE-2026-26081 BUG/MAJOR: quic: reject invalid token



About   -   Send Feedback to @ubuntu_updates