Accepted haproxy 1.8.19-1+deb10u5 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted haproxy 1.8.19-1+deb10u5 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 14 Dec 2023 14:40:20 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: haproxy_1.8.19-1+deb10u5_amd64.changes
- Debian-source: haproxy
- Debian-suite: oldoldstable
- Debian-version: 1.8.19-1+deb10u5
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=r0vpAckIhm7mNLkfLij5FpB6lDt+OFO6Q6pN3MIjxzg=; b=Fs+rMKOsxSCgWrE/77rbUlsT08 QwZYJra9saKstVNk/y/E+7lqFojmIP9zabcTk5dPh1PavLOI71FKsX4YCw4KZVPQiNmIRAZ6DQ2mg vZL8Rmfm50njnH8lA5HlC0ZuIpOxP5oefuDh01ToAhD3oZobWPFlOglMu2pxPkujQT1vDdv0y3I/m tid3Hp/g9LSheEBHBc5L1v001jMXHE6pHUHKFM8Mj0EtJzMA0xiKMyPyj8U7f0eKwmw8NAUL1Lx64 lKRm1uE3KBkNDNPUaF8DK+c9JiXmhxZJFqo5C4DZgyAMgPXLRPyE9YXh7maHwNFZ23qTvOctABwcp MG26DHxQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1rDmsu-006Phe-6g@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 14 Dec 2023 13:54:40 +0000
Source: haproxy
Built-For-Profiles: nocheck
Architecture: source
Version: 1.8.19-1+deb10u5
Distribution: buster-security
Urgency: high
Maintainer: Debian HAProxy Maintainers <haproxy@tracker.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Changes:
haproxy (1.8.19-1+deb10u5) buster-security; urgency=high
.
* Non-maintainer upload by the Debian LTS team.
* CVE-2023-45539: HAProxy before 2.8.2 accepted the "#" (ie. the "pound" or
"hash" symbol) as part of a URI component. This might have allowed remote
attackers to obtain sensitive information upon HAProxy's misinterpretation
of a "path_end" rule (eg. routing "index.html#.png" to a static server).
Checksums-Sha1:
e6791836d1dc388e6713707e287944f082cc063a 2294 haproxy_1.8.19-1+deb10u5.dsc
0bf50281177405a1e199d1cf89cdbeb348d60c43 75340 haproxy_1.8.19-1+deb10u5.debian.tar.xz
eecb69b806ea96efc75b6408fddff43e9cebb7e3 8757 haproxy_1.8.19-1+deb10u5_amd64.buildinfo
Checksums-Sha256:
efc825f5b39113a70b7a573c31894529595e59531177fa679882a695a4a19115 2294 haproxy_1.8.19-1+deb10u5.dsc
dcd46f50e69dbcdcef008b1869aa6528da11a9672ee95f305ca403f7e267f7be 75340 haproxy_1.8.19-1+deb10u5.debian.tar.xz
2e4bd62d3a83ebecf826122ea87b8251518ab0c327d60f3bff598d00e712f0e0 8757 haproxy_1.8.19-1+deb10u5_amd64.buildinfo
Files:
7168cc66fde96a9caf5c9250ac8f3a57 2294 net optional haproxy_1.8.19-1+deb10u5.dsc
540f95cb8624517a6d93dd9fe6f59dac 75340 net optional haproxy_1.8.19-1+deb10u5.debian.tar.xz
4c4c3d7f8cf3d4c63cae9f3d9523b209 8757 net optional haproxy_1.8.19-1+deb10u5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmV7EQEACgkQHpU+J9Qx
Hljg0g//evUgvx3EUq4G8m7WWKKWboq74s9s4F510c1KwcXNfFjyclbukYWs2wDP
gUj+6J2wZAQXQHmqimt7QZLAhi02PaBXd/1dhHogkAjLXW9qbLy0ljHdR6svmfin
SdYbfrzHpevgCIl8gzPPaEY2AxiVzJ7Wj46pXo+P4UKy1SABBIo8HR4+LJYC9iWL
DuMVjsIC+Zm60a67RuZ3jBZ54UP4lXdH0d5rEcHiSR/g2HLjrDP4O9QXdzoXaf76
2hsdrAJKFOVSFHsinwA7VNRxEmdVatMfHfwzRM8a2Xwn1qOSs+ephcd6b4EAMH2v
V+gL8OchZ0nrSU0JLRz7u+LCvv6yfIc3XTaV3XcCEFr0PwXyu1eXT+oNzHVixBJo
xsZTd4TOw/XWUv+mxAwXxhqsPJoprFWkkj9Qftm5nSVnDzhj1BLcnO2y6V+ELtcb
enWzK5dAX84qyBOF2GnyNhJo8YZPLpfxq6opCVQYgTYOO0FVUxY1N8TZlWhF4TJa
TDFChDC7K8cb2RzSUthHzR8GUopHflnbidBzpCN+JGFwpaSQDB/yi8anB42Oe+bf
op7rY6QWSSmxelVgMlOWyOv5d27DD2BgfSOknR3I09276RV/dHe1sukAm3a5DxQ8
i9K7Fu0GLO7x4ObeetvMLlIKJWpBpZrAEmu3ORjWyoRRnKF+WSg=
=lLHA
-----END PGP SIGNATURE-----