[Git][security-tracker-team/security-tracker][master] Add CVE-2023-45539/haproxy

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b51133a7 by Salvatore Bonaccorso at 2023-11-28T21:37:42+01:00
Add CVE-2023-45539/haproxy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,11 @@ CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection
 CVE-2023-48042 (Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Si ...)
 	NOT-FOR-US: Amazzing Filter for Prestashop
 CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...)
-	TODO: check
+	- haproxy 2.6.15-1
+	NOTE: https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html
+	NOTE: https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6 (v2.9-dev3)
+	NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=832b672eee54866c7a42a1d46078cc9ae0d544d9 (v2.6.15)
+	NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=178cea76b1c9d9413afa6961b6a4576fcb5b26fa (v2.3.31)
 CVE-2023-45286 (A race condition in go-resty can result in HTTP request body disclosur ...)
 	TODO: check
 CVE-2023-42505 (An authenticated user with read permissions on database connections me ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b51133a722b90be9b0c41d093d1e79c58bde45b8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b51133a722b90be9b0c41d093d1e79c58bde45b8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231128/bcf97c27/attachment.htm>