[Buildroot] [PATCH] package/haproxy: security bump to version 2.0.10

Peter Korsgaard peter at korsgaard.com
Tue Dec 3 16:37:07 UTC 2019


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security vulnerabilities:
 > - CVE-2019-19330: The HTTP/2 implementation in HAProxy before 2.0.10
 >   mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd),
 >   line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka
 >   Intermediary Encapsulation Attacks.

 > In addition, 2.0.6..10 fixes a number of bugs.  See the changelog for
 > details:

 > https://www.haproxy.org/download/2.0/src/CHANGELOG

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

For 2019.02.x and 2019.08.x I have instead bumped to 1.9.13, which
includes the same fix.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list