Hi Vincent, On Sat, Aug 01, 2020 at 03:11:22PM +0200, Vincent Bernat wrote: > ❦ 31 juillet 2020 10:14 +02, Salvatore Bonaccorso: > > >> > > > This needs to be rebased to the 1.8.19-1+deb10u1 which was released > >> > > > as > >> > > > DSA 4577-1 AFAICT. > >> > > > >> > > Oh, sorry. Here is the updated patch. > >> > > >> > Please go ahead. > >> > >> Too late for buster 10.4 but actually this would need to be rebased to > >> the 1.8.19-1+deb10u2 as there was another DSA for haproxy (but not > >> including this CVE fix). So the version will be 1.8.19-1+deb10u3 by > >> now. > >> > >> If before the next point release will be another haproxy update this > >> fix for the CVE can be included as well, IMHO. > > > > Did you saw the acknowledgement from vom Adam? Could you upload to > > buster-proposed-updates? > > Hello Salvatore, > > I've just uploaded it.
Thank you! Regards, Salvatore
