| Summary: | <net-proxy/haproxy-{2.0.13,2.1.4}: hpack_dht_insert (hpack-tbl.c) allows possible remote code execution (CVE-2020-11100) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | ajak, bertrand, idl0r |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.mail-archive.com/haproxy@formilux.org/msg36876.html | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=701842 | | |
| Whiteboard: | B2 [glsa+ cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 668002 | | |
| Bug Blocks: | | | |

Description
Sam James
2.0.13 and 2.1.4 have been added already and can be stabilized IMO

@maintainer: thanks! @arches, please stabilise. (ppc blocked on bug 668002).

amd64 stable

arm stable

x86 stable

ppc stable. All arches stable.

Resetting sanity check; keywords are not fully specified and arches are not CC-ed.

@maintainer(s), please cleanup

Ping. Please cleanup

Maintainer, looks like the last vulnerable version in tree is 1.8.26, if that is affected it needs to be dropped. If not please let us know.

Unable to check for sanity:
> no match for package: =net-proxy/haproxy-2.0.14

This issue was resolved and addressed in GLSA 202012-22 at https://security.gentoo.org/glsa/202012-22 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for cleanup.

Unable to check for sanity:
> no match for package: =net-proxy/haproxy-2.0.14

There should be no version left that's affected by this bug.

Cleanup done, all done.