Release date:
2023-12-26 17:27:00 UTC
Description:
* SECURITY UPDATE: Accepting '#' as part of the URI component might
allow remote attackers to obtain sensitive information or have
unspecified other impact
- debian/patches/CVE-2023-45539.patch: h1: do not accept '#' as part
of the URI component; h2: reject more chars from the :path pseudo
header
- CVE-2023-45539
Updated packages:
-
haproxy_1.8.8-1ubuntu0.13.tuxcare.els2_amd64.deb
sha:fb5fee13694d583d8db6cb925aa79e9c09d0b5e7
-
haproxy-doc_1.8.8-1ubuntu0.13.tuxcare.els2_all.deb
sha:c21e91a67db7ca70f3d3edc46ec146806820b6bb
-
vim-haproxy_1.8.8-1ubuntu0.13.tuxcare.els2_all.deb
sha:402a63c9d995299152975bab80fa51781992e512
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
