[Buildroot] [PATCH 1/1] package/haproxy: security bump to version 2.1.4

Peter Korsgaard peter at korsgaard.com
Thu Apr 9 07:46:16 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in the HPACK
 >   decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can
 >   write arbitrary bytes around a certain location on the heap via a
 >   crafted HTTP/2 request, possibly causing remote code execution.
 > - Update indentation of hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2019.02.x (1.9.15), 2019.11.x (2.0.14) and 2020.02.x, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list