Information on source package haproxy

Available versions

ReleaseVersion
jessie1.5.8-3+deb8u2
jessie (security)1.5.8-3+deb8u1
stretch1.7.5-2
buster1.8.14-1
sid1.8.15-1

Open issues

BugjessiestretchbustersidDescription
TEMP-0000000-B9CD89vulnerable (no DSA)fixedfixedfixedBUG/MAJOR: http: prevent risk of reading past end with balance url_param
TEMP-0000000-1F321Dvulnerable (no DSA)fixedfixedfixedBUG/MAJOR: http: don't read past buffer's end in http_replace_value
CVE-2018-20103fixedvulnerablevulnerablefixedAn issue was discovered in dns.c in HAProxy through 1.8.14. In the case ...
CVE-2018-20102fixedvulnerablevulnerablefixedAn out-of-bounds read in dns_validate_dns_response in dns.c was ...

Resolved issues

BugDescription
CVE-2018-14645A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, ...
CVE-2018-11469Incorrect caching of responses to requests including an Authorization ...
CVE-2018-10184An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ...
CVE-2016-5360HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, ...
CVE-2015-3281The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and ...
CVE-2014-6269Multiple integer overflows in the http_request_forward_body function ...
CVE-2013-2175HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ...
CVE-2013-1912Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...
CVE-2012-2942Buffer overflow in the trash buffer in the header capture ...

Security announcements

DSA / DLADescription
DSA-3301-1haproxy - security update
DSA-2711-1haproxy - several
Search for package or bug name: Reporting problems