* [Buildroot] [PATCH 1/1] package/haproxy: security bump to version 2.4.15
@ 2022-04-10 17:32 Fabrice Fontaine
2022-04-10 20:04 ` Peter Korsgaard
2022-04-10 21:48 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-04-10 17:32 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
Fix CVE-2022-0711: A flaw was found in the way HAProxy processed HTTP
responses containing the "Set-Cookie2" header. This flaw could allow an
attacker to send crafted HTTP response packets which lead to an infinite
loop, eventually resulting in a denial of service condition. The highest
threat from this vulnerability is availability.
https://www.mail-archive.com/haproxy@formilux.org/msg41963.html
https://www.mail-archive.com/haproxy@formilux.org/msg41873.html
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/haproxy/haproxy.hash | 4 ++--
package/haproxy/haproxy.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/haproxy/haproxy.hash b/package/haproxy/haproxy.hash
index e3120b521f..18834c29b1 100644
--- a/package/haproxy/haproxy.hash
+++ b/package/haproxy/haproxy.hash
@@ -1,5 +1,5 @@
-# From: http://www.haproxy.org/download/2.4/src/haproxy-2.4.13.tar.gz.sha256
-sha256 4788fe975fe7e521746f826c25e80bc95cd15983e2bafa33e43bff23a3fe5ba1 haproxy-2.4.13.tar.gz
+# From: http://www.haproxy.org/download/2.4/src/haproxy-2.4.15.tar.gz.sha256
+sha256 3958b17b7ee80eb79712aaf24f0d83e753683104b36e282a8b3dcd2418e30082 haproxy-2.4.15.tar.gz
# Locally computed:
sha256 0717ca51fceaa25ac9e5ccc62e0c727dcf27796057201fb5fded56a25ff6ca28 LICENSE
sha256 5df07007198989c622f5d41de8d703e7bef3d0e79d62e24332ee739a452af62a doc/lgpl.txt
diff --git a/package/haproxy/haproxy.mk b/package/haproxy/haproxy.mk
index c162a4c3f4..d50821d8c9 100644
--- a/package/haproxy/haproxy.mk
+++ b/package/haproxy/haproxy.mk
@@ -5,7 +5,7 @@
################################################################################
HAPROXY_VERSION_MAJOR = 2.4
-HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).13
+HAPROXY_VERSION = $(HAPROXY_VERSION_MAJOR).15
HAPROXY_SITE = http://www.haproxy.org/download/$(HAPROXY_VERSION_MAJOR)/src
HAPROXY_LICENSE = GPL-2.0+ and LGPL-2.1+ with exceptions
HAPROXY_LICENSE_FILES = LICENSE doc/lgpl.txt doc/gpl.txt
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/haproxy: security bump to version 2.4.15
2022-04-10 17:32 [Buildroot] [PATCH 1/1] package/haproxy: security bump to version 2.4.15 Fabrice Fontaine
@ 2022-04-10 20:04 ` Peter Korsgaard
2022-04-10 21:48 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-04-10 20:04 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2022-0711: A flaw was found in the way HAProxy processed HTTP
> responses containing the "Set-Cookie2" header. This flaw could allow an
> attacker to send crafted HTTP response packets which lead to an infinite
> loop, eventually resulting in a denial of service condition. The highest
> threat from this vulnerability is availability.
> https://www.mail-archive.com/haproxy@formilux.org/msg41963.html
> https://www.mail-archive.com/haproxy@formilux.org/msg41873.html
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/haproxy: security bump to version 2.4.15
2022-04-10 17:32 [Buildroot] [PATCH 1/1] package/haproxy: security bump to version 2.4.15 Fabrice Fontaine
2022-04-10 20:04 ` Peter Korsgaard
@ 2022-04-10 21:48 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-04-10 21:48 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> Fix CVE-2022-0711: A flaw was found in the way HAProxy processed HTTP
> responses containing the "Set-Cookie2" header. This flaw could allow an
> attacker to send crafted HTTP response packets which lead to an infinite
> loop, eventually resulting in a denial of service condition. The highest
> threat from this vulnerability is availability.
> https://www.mail-archive.com/haproxy@formilux.org/msg41963.html
> https://www.mail-archive.com/haproxy@formilux.org/msg41873.html
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-04-10 21:48 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-10 17:32 [Buildroot] [PATCH 1/1] package/haproxy: security bump to version 2.4.15 Fabrice Fontaine
2022-04-10 20:04 ` Peter Korsgaard
2022-04-10 21:48 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.