Bug 246094 - net/haproxy Please backport latest security fixes to 2020Q2
Summary: net/haproxy Please backport latest security fixes to 2020Q2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Many People
Assignee: Dmitry Sivachenko
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-05-01 13:39 UTC by rainer
Modified: 2020-05-02 08:16 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (demon)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description rainer 2020-05-01 13:39:54 UTC 
Hi,

this concerns
HAproxy -- serious vulnerability affecting the HPACK decoder used for HTTP/2
CVE: CVE-2020-11100
WWW: https://vuxml.FreeBSD.org/freebsd/7f829d44-7509-11ea-b47c-589cfc0f81b0.html


See also:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245282

Thanks in advance
Comment 1 commit-hook freebsd_committer freebsd_triage 2020-05-02 08:14:43 UTC 
A commit references this bug:

Author: demon
Date: Sat May  2 08:14:26 UTC 2020
New revision: 533678
URL: https://svnweb.freebsd.org/changeset/ports/533678

Log:
  MFH: 2020Q2 (minor secutiry update).
  Merge minor security-related update of haproxy ports.

  PR: 246094

  Update to version 2.0.14.
  Update to version 2.1.4.
  Update to version 1.8.25.
  Update to version 1.9.15.

  Approved by: portmgr (blanket)

Changes:
_U  branches/2020Q2/
  branches/2020Q2/net/haproxy/Makefile
  branches/2020Q2/net/haproxy/distinfo
  branches/2020Q2/net/haproxy18/Makefile
  branches/2020Q2/net/haproxy18/distinfo
  branches/2020Q2/net/haproxy19/Makefile
  branches/2020Q2/net/haproxy19/distinfo
  branches/2020Q2/net/haproxy21/Makefile
  branches/2020Q2/net/haproxy21/distinfo
Comment 2 Dmitry Sivachenko freebsd_committer freebsd_triage 2020-05-02 08:15:22 UTC 
Done, thanks for reminder!
Comment 3 rainer 2020-05-02 08:16:37 UTC 
Thanks a lot for your work!