[ubuntu/jammy-security] haproxy 2.4.24-0ubuntu0.22.04.2 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Apr 10 11:53:19 UTC 2025


haproxy (2.4.24-0ubuntu0.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: heap overflow in sample_conv_regsub
    - debian/patches/CVE-2025-32464.patch: fix risk of overflow when
      replacing multiple regex back-refs in src/sample.c.
    - CVE-2025-32464

haproxy (2.4.24-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2028418)
    - Major and critical bug fixes according to the upstream changelog:
      + BUG/MAJOR: http-ana: Get a fresh trash buffer for each header value
        replacement
      + BUG/MAJOR: http: reject any empty content-length header value
    - For further information, refer to the upstream changelog at
      https://www.haproxy.org/download/2.4/src/CHANGELOG and to the upstream
      release announcements at
      https://www.mail-archive.com/haproxy@formilux.org/msg43664.html
      (2.4.23), and
      https://www.mail-archive.com/haproxy@formilux.org/msg43901.html (2.4.24)
    - Remove patches applied by upstream in debian/patches:
      + CVE-2023-40225-1.patch
      + CVE-2023-40225-2.patch

Date: 2025-04-09 13:42:57.250061+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/haproxy/2.4.24-0ubuntu0.22.04.2