Hi Vincent, On Fri, May 08, 2020 at 02:03:41PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Sun, Apr 12, 2020 at 10:34:27PM +0100, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > On Sat, 2020-02-08 at 10:51 +0100, Vincent Bernat wrote: > > > ❦ 8 février 2020 08:43 +01, Salvatore Bonaccorso <car...@debian.org > > > >: > > > > > > > This needs to be rebased to the 1.8.19-1+deb10u1 which was released > > > > as > > > > DSA 4577-1 AFAICT. > > > > > > Oh, sorry. Here is the updated patch. > > > > Please go ahead. > > Too late for buster 10.4 but actually this would need to be rebased to > the 1.8.19-1+deb10u2 as there was another DSA for haproxy (but not > including this CVE fix). So the version will be 1.8.19-1+deb10u3 by > now. > > If before the next point release will be another haproxy update this > fix for the CVE can be included as well, IMHO.
Did you saw the acknowledgement from vom Adam? Could you upload to buster-proposed-updates? Regards, Salvatore
