-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 Dec 2023 11:02:19 +0100 Source: haproxy Architecture: source Version: 2.2.9-2+deb11u6 Distribution: bullseye-security Urgency: high Maintainer: Debian HAProxy Maintainers <team+haproxy@tracker.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 1043502 Changes: haproxy (2.2.9-2+deb11u6) bullseye-security; urgency=high . * Non-maintainer upload by the Security Team. * BUG/MAJOR: http: reject any empty content-length header value (CVE-2023-40225) (Closes: #1043502) * MINOR: ist: add new function ist_find_range() to find a character range * MINOR: ist: Add istend() function to return a pointer to the end of the string * MINOR: http: add new function http_path_has_forbidden_char() * MINOR: h2: pass accept-invalid-http-request down the request parser * BUG/MINOR: h1: do not accept '#' as part of the URI component (CVE-2023-45539) * BUG/MINOR: h2: reject more chars from the :path pseudo header * REGTESTS: http-rules: verify that we block '#' by default for normalize-uri * DOC: clarify the handling of URL fragments in requests Checksums-Sha1: 0becf203cd3be52e38f35abe8e89f43399de90ed 2470 haproxy_2.2.9-2+deb11u6.dsc 56d96d3a710415484695cd548300a49bd73fcdb9 93076 haproxy_2.2.9-2+deb11u6.debian.tar.xz 624fef302bc838ceff0d5f1530db60c9b2524868 7277 haproxy_2.2.9-2+deb11u6_source.buildinfo Checksums-Sha256: b6d7d470a115efee6bfa6b7feb741883f4febba8035d25a2e0aa6a81caae7a05 2470 haproxy_2.2.9-2+deb11u6.dsc 347cacfaa24b7de2165d8bfe15fa15dd6ab6bce4d45b075a63b019b181dc239b 93076 haproxy_2.2.9-2+deb11u6.debian.tar.xz 83234d8d92a3e78b79f8da965e4ad3173ddcc4c5c318a2ad7e3ae6dbd90370a3 7277 haproxy_2.2.9-2+deb11u6_source.buildinfo Files: c732ec27fa9736496eb16e6af5cfcbb4 2470 net optional haproxy_2.2.9-2+deb11u6.dsc 47bdae4716038484ba3e501c201c5940 93076 net optional haproxy_2.2.9-2+deb11u6.debian.tar.xz d1f502e5fc920f7d09cb96b3d9bd3ffd 7277 net optional haproxy_2.2.9-2+deb11u6_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKlBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmWNUTlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EPbAP9RfYE4+gBXEgRanaR86Ulg6ALsgRnLG+ P/XgtuMuAC96kSx55mNzp+CKUBI0t2k6/5qj0cQeen01cuiKWr+YyvJVjPN1ycmw z2Eq/+rrvGkLipJwVMGBIweEVbYM3ULLsok3MShTGd2UrPoKSPrUmDzO5oHTVeso D7cbPxfL9nmsVjun3tFZZOnDvhwtETw/JRG8mIKa5ZpXqpTnQpoPecr/sQkswi/g p5tdCYyAwY8ZsQT4xixPFd7FZGTjQta0k4vtrqTuE/2xUSGfHDm3usulXjHcS9kL Cqfz1I/Teky5PZ3IPUOt64B/d7j2AyQ20l9p5ypzL7LCpbqH5S9q7M1Zvo1A407P EGHcRClHq50GnhodJAv8DKwIpL6he0fBZaC/DWy3P3A6i1h1xTXXtk3sjaN4EHHI L/CjCP+SQIy0PM0J42bC0EJt+55nqrI+3i3bbRPfjZsa3/6Kl6zvJ2txhM22Xo8w nj8xStjacepSAS9bmdDzcbJyGGuUTmJYBwraDRiNYI2WMLGUVrTcrjEtazxyKloK 3wD9Bp9/VsVgMl7LqrG00PzHF2LYo31Efh4MebRxmufZcI99NBN2JBEpWNmHioT7 1H5Yx2G6rk0qHAjO0HFuYEfFzs1TIMWI4HHd+0balI5SGOUssBR6W5vaU//Qq7V0 XIIa6JunLrQ= =rY71 -----END PGP SIGNATURE-----