[Buildroot] [PATCH 1/1] package/haproxy: security bump to version 2.1.4

Peter Korsgaard peter at korsgaard.com
Thu Apr 9 06:33:36 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in the HPACK
 >   decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can
 >   write arbitrary bytes around a certain location on the heap via a
 >   crafted HTTP/2 request, possibly causing remote code execution.
 > - Update indentation of hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list