UbuntuUpdates.org

Package "vim-haproxy"

Name: vim-haproxy

Description:

syntax highlighting for HAProxy configuration files

Latest version: 3.2.9-1ubuntu2.2
Release: resolute (26.04)
Level: security
Repository: universe
Head package: haproxy
Homepage: http://www.haproxy.org/

Links


Download "vim-haproxy"


Other versions of "vim-haproxy" in Resolute

Repository Area Version
base universe 3.2.9-1ubuntu2
updates universe 3.2.9-1ubuntu2.2

Changelog

Version: 3.2.9-1ubuntu2.2 2026-06-22 19:07:55 UTC

  haproxy (3.2.9-1ubuntu2.2) resolute-security; urgency=medium

  * SECURITY UPDATE: overflow in FCGI demux record length field
    - debian/patches/CVE-2026-55203.patch: mux-fcgi: fix uint16_t overflow in
      drl += drp in src/mux_fcgi.c.
    - CVE-2026-55203
  * SECURITY UPDATE: NULL dereference in hpack_dht_insert()
    - debian/patches/CVE-2026-55204.patch: hpack-tbl: add missing NULL check
      after hpack_dht_defrag() in src/hpack-tbl.c.
    - CVE-2026-55204

 -- Marc Deslauriers <email address hidden> Fri, 19 Jun 2026 11:01:00 -0400

Source diff to previous version
CVE-2026-55203 HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer
CVE-2026-55204 HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that

Version: 3.2.9-1ubuntu2.1 2026-04-27 13:11:07 UTC

  haproxy (3.2.9-1ubuntu2.1) resolute-security; urgency=medium

  * SECURITY UPDATE: HTTP/3 parser request smuggling issue
    - debian/patches/CVE-2026-33555.patch: check body size with
      content-length on empty FIN in src/h3.c.
    - CVE-2026-33555

 -- Marc Deslauriers <email address hidden> Wed, 15 Apr 2026 13:58:58 -0400

CVE-2026-33555 An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced conten



About   -   Send Feedback to @ubuntu_updates