Bug#949826: buster-pu: package haproxy/1.8.19-1
On Sat, Jan 25, 2020 at 02:39:04PM +0100, Vincent Bernat wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian.org@packages.debian.org
> Usertags: pu
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hey!
>
> The logrotate configuration file for HAProxy doesn't signal rsyslog
> correctly. Therefore, logs are not really rotated and on a moderately
> busy site, this can fill up a log partition. When running with
> systemd, rsyslog doesn't write a PID file and therefore, the SysV
> init script invoked to rotate logs does not work. Instead, the rsyslog
> package provides a helper for this purpose.
>
> The change has been applied to 2.0.12-1 currently in unstable and
> testing. I would like to push it for the next point release next week.
If we're doing a Buster update anyway, could we also piggyback the fix
for https://nathandavison.com/blog/haproxy-http-request-smuggling (CVE-2019-18277),
https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581 ?
Cheers,
Moritz