** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Ubuntu High Availability Team, which is subscribed to haproxy in Ubuntu. https://bugs.launchpad.net/bugs/1118160
Title: HAProxy Secure / HttpOnly Flag Cookie Weakness Status in “haproxy” package in Ubuntu: New Bug description: HAProxy contains a weakness due to not supporting certain security- related flags for cookies. By not supporting the 'Secure' or 'HttpOnly' cookies, applications behind the proxy become more susceptible to cookie stealing attacks. The solution is to upgrade to version 1.5-DEV11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. More detail here: http://osvdb.org/82768 Please work on updating the Ubuntu packages to v1.5 asap. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/haproxy/+bug/1118160/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~ubuntu-ha Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-ha More help : https://help.launchpad.net/ListHelp
