[Buildroot] [PATCH] package/haproxy: security bump to version 2.4.4

Peter Korsgaard peter at korsgaard.com
Sun Sep 12 19:08:17 UTC 2021


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2021-40346: An integer overflow exists in HAProxy 2.0 through 2.5 in
 >   the htx_add_header() can be exploited to perform an HTTP request smuggling
 >   attack, allowing an attacker to bypass all configured http-request HAProxy
 >   ACLs and possibly other ACLs.

 > For more details, see the advisory:
 > https://www.mail-archive.com/haproxy@formilux.org/msg41114.html

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed to 2021.08.x, thanks. For 2021.02.x and 2021.05.x I have
bumped to 2.2.17 instead which contains the same fix.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list