[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#949826: buster-pu: package haproxy/1.8.19-1

Hi Vincent,

On Fri, May 08, 2020 at 02:03:41PM +0200, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Sun, Apr 12, 2020 at 10:34:27PM +0100, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Sat, 2020-02-08 at 10:51 +0100, Vincent Bernat wrote:
> > >  ❦  8 février 2020 08:43 +01, Salvatore Bonaccorso <carnil@debian.org
> > > >:
> > > 
> > > > This needs to be rebased to the 1.8.19-1+deb10u1 which was released
> > > > as
> > > > DSA 4577-1 AFAICT.
> > > 
> > > Oh, sorry. Here is the updated patch.
> > 
> > Please go ahead.
> 
> Too late for buster 10.4 but actually this would need to be rebased to
> the 1.8.19-1+deb10u2 as there was another DSA for haproxy (but not
> including this CVE fix). So the version will be 1.8.19-1+deb10u3 by
> now.
> 
> If before the next point release will be another haproxy update this
> fix for the CVE can be included as well, IMHO.

Did you saw the acknowledgement from vom Adam? Could you upload to
buster-proposed-updates?

Regards,
Salvatore
Reply to: