Accepted haproxy 2.6.12-1+deb12u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted haproxy 2.6.12-1+deb12u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 29 Dec 2023 12:17:08 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: haproxy_2.6.12-1+deb12u1_source.changes
- Debian-source: haproxy
- Debian-suite: proposed-updates
- Debian-version: 2.6.12-1+deb12u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=1tGcYbgzisdFpBYCkRtOuUK7nWdt9SrEYRLs75kZeKc=; b=jyi6KCoXi8RZmj/kFOQ2X8aqqO wW1PvSUflJBDX2HTyDVs7qDYNvFJyMxUzJD8PxrPcOpHgGHGMNj4sJS2/XOYMcPWcrdZg21rV0cL1 K6AXsITHtcy+SitnES/9nCdbYs//0ClmLAZricQXJkWtMTDyu8oiy61dTBAXs8omUQHFhkh9Va0An Woh5DHd5flRz3hnCGg0vrKQRPSFAMz9fARpp8zyqdA3R0eYAREQOHlODuZya7P39QC/ZiqrgYQBYu 3280ITphrZneFMnIFnka9ebxJHuPlKoVrc5zLjA5R8hzBdg5Vg4bh5CVvTSHruh8zgs+Q/E66po6v cI8zdIYQ==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1rJBnY-004LQz-4O@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 16 Dec 2023 17:41:30 +0100
Source: haproxy
Architecture: source
Version: 2.6.12-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian HAProxy Maintainers <team+haproxy@tracker.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1043502
Changes:
haproxy (2.6.12-1+deb12u1) bookworm-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* REORG: http: move has_forbidden_char() from h2.c to http.h
* BUG/MAJOR: h3: reject header values containing invalid chars
* BUG/MAJOR: http: reject any empty content-length header value
(CVE-2023-40225) (Closes: #1043502)
* MINOR: ist: add new function ist_find_range() to find a character range
* MINOR: http: add new function http_path_has_forbidden_char()
* MINOR: h2: pass accept-invalid-http-request down the request parser
* REGTESTS: http-rules: add accept-invalid-http-request for normalize-uri
tests
* BUG/MINOR: h1: do not accept '#' as part of the URI component
(CVE-2023-45539)
* BUG/MINOR: h2: reject more chars from the :path pseudo header
* BUG/MINOR: h3: reject more chars from the :path pseudo header
* REGTESTS: http-rules: verify that we block '#' by default for
normalize-uri
* DOC: clarify the handling of URL fragments in requests
Checksums-Sha1:
48d9e71d3278b144ae485eb55dd29ec3d889833a 2529 haproxy_2.6.12-1+deb12u1.dsc
d12745cff8fbcdd82d4d6fe1fc679d3bdb871c4c 4060878 haproxy_2.6.12.orig.tar.gz
95a59df2801d33e55678cb0a6635008d291d9d0c 85884 haproxy_2.6.12-1+deb12u1.debian.tar.xz
323a9fe921f16d0cd513c54b6c6f0ff8ae35f823 7281 haproxy_2.6.12-1+deb12u1_source.buildinfo
Checksums-Sha256:
96b43083226a0c2c79f4fb869efb5d829e44726b58ec99fde3f8b09eb88ea726 2529 haproxy_2.6.12-1+deb12u1.dsc
58f9edb26bf3288f4b502658399281cc5d6478468bd178eafe579c8f41895854 4060878 haproxy_2.6.12.orig.tar.gz
8d0f3ab86c34728e8cb7c331d659453949d8dd143d9dd7dbe63a1d54cd164a5b 85884 haproxy_2.6.12-1+deb12u1.debian.tar.xz
bd5d37f28f5f1b5fd3e45bbeaa963c6854f2bd96ff120dc2920675b1db0a9c9e 7281 haproxy_2.6.12-1+deb12u1_source.buildinfo
Files:
9818de16eee29247f778297e461b67e4 2529 net optional haproxy_2.6.12-1+deb12u1.dsc
215f5c315e5881f19b974c1d48581098 4060878 net optional haproxy_2.6.12.orig.tar.gz
b2e415d63ed06458635a09edfbccb8aa 85884 net optional haproxy_2.6.12-1+deb12u1.debian.tar.xz
aafc98dbc5fbe52c67e56033d0c7d7e1 7281 net optional haproxy_2.6.12-1+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWGjbBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EcYoP+wfEXSgqobEgEgAw3P3ZbfRsmp+m+iXD
tEzcfmk0HQi2ggKa5ZNtw2goF9oUevfbPg9KOQ+rKaSTftpe6IfESGm1lSyfQAZn
pqgDm6yk2CJR3conwRdyGfYltzjn3HndxUqVQfCRVxC7ZLwvH1Qjp6mJcUbUJGzM
G38KbzLBAdIqJYKq+V1XQvaOL5zE1n8nTo0KTJwDJ62oNPIygKa/QPU6eGgMjTvu
TYU2DPD7oROlQ4hYIOmk22xcDRafDPYkE3axEC7SUfl575YQaLIXLnhbALp+2lSv
+j66KNwwFCttV08SJP44jnukc/CaXu8Y+7kATu0gx9uZgIHveXTiuSmKV7MonKsk
fxkU9V1UY29agTAIkuk/LVSDHkBXdmGCdNj4sBgRXDufj4K/Z65KYeS+3ET/gN7v
P/5zheo7hMPu4wh/viq5/UhPzxRKSUTtyIet2a+/29jJGnHweJT4yPpHwPSCPgnt
Yxjmgo9wyj1xExUOvIGrC+bz/CxwQo3V2lrP/LWBQ3PTll32kRz5OR9wrflmwnDp
RuKtGIvDaL5F/UnAz41vVTPpXnmPwA87P+uamIzLhPi+VycZzLHPJl2lMPnw39VY
a38wJKbU1/FfLVjFYxdYG7/Bt9zBcjF0Th/gZ0O7U0vJS6aBWYDU/hpc6DG29Pyk
EWu0dXFAoPgP
=eVWj
-----END PGP SIGNATURE-----