This bug was fixed in the package haproxy - 3.0.10-1ubuntu1
---------------
haproxy (3.0.10-1ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2110439). Remaining changes:
    - d/{control,rules}: Remove support for OpenTracing due to it being
      in universe
  * Dropped changes:
    - d/{control,rules}: do not link against jemalloc (universe)
      This can be dropped after (LP #2088056) got accepted.
      [ jemalloc is now in main ]
    - SECURITY UPDATE: heap overflow in sample_conv_regsub
      + debian/patches/CVE-2025-32464.patch: fix risk of overflow when
        replacing multiple regex back-refs in src/sample.c.
      + CVE-2025-32464
      [ Fixed in 3.0.10 ]

 -- Athos Ribeiro <[email protected]>  Tue, 20 May 2025 12:27:08 -0300

** Changed in: haproxy (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-32464
https://bugs.launchpad.net/bugs/2110439
Title:
  Merge haproxy from Debian Unstable for questing