
Bug#949826: buster-pu: package haproxy/1.8.19-1



On Sat, Jan 25, 2020 at 02:39:04PM +0100, Vincent Bernat wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Hey!
> 
> The logrotate configuration file for HAProxy doesn't signal rsyslog
> correctly. Therefore, logs are not really rotated and on a moderately
> busy site, this can fill up a log partition. When running with
> systemd, rsyslog doesn't write a PID file and therefore, the SysV
> init script invoked to rotate logs does not work. Instead, the rsyslog
> package provides a helper for this purpose.
> 
> The change has been applied to 2.0.12-1 currently in unstable and
> testing. I would like to push it for the next point release next week.

If we're doing a Buster update anyway, could we also piggyback the fix
for https://nathandavison.com/blog/haproxy-http-request-smuggling (CVE-2019-18277),
https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581 ?

Cheers,
        Moritz

