Your message dated Sun, 04 May 2025 11:32:09 +0000
with message-id <[email protected]>
and subject line Bug#1102673: fixed in haproxy 2.6.12-1+deb12u2
has caused the Debian Bug report #1102673,
regarding haproxy: CVE-2025-32464
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1102673: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102673
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: haproxy
Version: 3.0.9-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.6.12-1+deb12u1
Control: found -1 2.6.12-1
Hi,
The following vulnerability was published for haproxy.
CVE-2025-32464[0]:
| HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a
| sample_conv_regsub heap-based buffer overflow because of mishandling
| of the replacement of multiple short patterns with a longer one.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-32464
https://www.cve.org/CVERecord?id=CVE-2025-32464
[1] https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: haproxy
Source-Version: 2.6.12-1+deb12u2
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
haproxy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated haproxy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 29 Apr 2025 16:56:20 +0300
Source: haproxy
Architecture: source
Version: 2.6.12-1+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian HAProxy Maintainers <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1102673
Changes:
haproxy (2.6.12-1+deb12u2) bookworm; urgency=medium
.
* Non-maintainer upload.
* CVE-2025-32464: heap buffer overflow in sample_conv_regsub()
(Closes: #1102673)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---