Hello,
Le 14/02/2023 à 17:52, Tim Düsterhus a écrit :
Marc,
On 2/14/23 17:44, Marc Gebauer wrote:
Listing... Done
haproxy/bullseye-backports-2.4 2.4.21-2~bpo11+1 amd64 [upgradable
from: 2.4.21-1~bpo11+1]
is this the recommend package to use for Debian (because of the
version-number 2.4.21 instead of 2.4.22) or need we to wait for repo
to be synced?
Check with 'zless /usr/share/doc/haproxy/changelog.Debian.gz' to be
sure, but this should be the correct version. The 2 after the hyphen
indicates that this the "second version of 2.4.12" or in other words:
2.4.12 + just the security fix. The real 2.4.13 with the other fixes
will likely come later.
Best regards
Tim Düsterhus
It seems OK:
haproxy (2.4.21-2~bpo11+1) bullseye-backports; urgency=medium
* Rebuild for bullseye-backports.
-- Vincent Bernat <ber...@luffy.cx> Mon, 13 Feb 2023 21:38:34 +0100
haproxy (2.4.21-2) UNRELEASED; urgency=medium
* BUG/CRITICAL: http: properly reject empty http header field names
(CVE-2023-25725).
-- Vincent Bernat <ber...@debian.org> Mon, 13 Feb 2023 21:21:05 +0100