Package: haproxy; Maintainer for haproxy is (unknown); Source for haproxy is src:haproxy.
Reported by: gr0 bUst4 <bUst4gr0@riseup.net>
Date: Mon, 28 Oct 2024 10:38:01 UTC
Severity: normal
Tags: debian
Fixed in version 3.0.9-1
Done: Mark Hindley <mark@hindley.org.uk>
X-Loop: owner@bugs.devuan.org
Subject: bug#863: haproxy forward upgrade and connection headers as default (h2c request smuggling)
Reply-To: gr0 bUst4 <bUst4gr0@riseup.net>, 863@bugs.devuan.org
Resent-From: gr0 bUst4 <bUst4gr0@riseup.net>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: devuan-dev@lists.dyne.org
Resent-Date: Mon, 28 Oct 2024 10:38:01 +0000
Resent-Message-ID: <handler.863.B.173011185824180@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: report 863
X-Devuan-PR-Package: haproxy
Message-ID: <33a6301a-2146-4b07-921e-724a2432c796@riseup.net>
Date: Mon, 28 Oct 2024 10:32:09 +0000
MIME-Version: 1.0
Content-Language: en-US
From: gr0 bUst4 <bUst4gr0@riseup.net>
To: submit@bugs.devuan.org
In-Reply-To: <20241028060840.GA6398@haproxy.com>
X-Forwarded-Message-Id: <20241028060840.GA6398@haproxy.com>
Last modified: Mon Oct 27 18:51:49 2025