Release date:
2023-12-19 17:56:03 UTC
Description:
* SECURITY UPDATE: Accepting '#' as part of the URI component might
allow remote attackers to obtain sensitive information or have
unspecified other impact
- debian/patches/CVE-2023-45539.patch: h1: do not accept '#' as part
of the URI component; h2: reject more chars from the :path pseudo
header
- CVE-2023-45539
Updated packages:
-
haproxy_1.6.3-1ubuntu0.3+tuxcare.els1_amd64.deb
sha:6816e403e715f46529cbeda39a0120b006a2f60c
-
haproxy-doc_1.6.3-1ubuntu0.3+tuxcare.els1_all.deb
sha:fa808c2fbed8ac248641f6e9b80e87b873a2d914
-
vim-haproxy_1.6.3-1ubuntu0.3+tuxcare.els1_all.deb
sha:670e20efab604f29d9aaa80375f963fb13e1e9d7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
