import haproxy-2.4.7-1.el9

2021-12-07 11:40:16 -05:00 · 2021-12-07 11:40:16 -05:00 · a6d444d4a3
commit a6d444d4a3
parent a83a71793f
3 changed files with 10 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/haproxy-2.4.3.tar.gz
+SOURCES/haproxy-2.4.7.tar.gz
--- a/.haproxy.metadata
+++ b/.haproxy.metadata
@ -1 +1 @@
-af261bfea050ecf8b1bd3d43ae78ccfb945ef64d SOURCES/haproxy-2.4.3.tar.gz
+d3f3a4ff293cb2d9ec2085cac324698d260e2739 SOURCES/haproxy-2.4.7.tar.gz
--- a/SPECS/haproxy.spec
+++ b/SPECS/haproxy.spec
@ -7,7 +7,7 @@
 %global _hardened_build 1

 Name:           haproxy
-Version:        2.4.3
+Version:        2.4.7
 Release:        1%{?dist}
 Summary:        HAProxy reverse proxy for high availability environments

@ -134,6 +134,13 @@ exit 0
 %{_mandir}/man1/*

 %changelog
+* Wed Oct 13 2021 Ryan O'Hara <rohara@redhat.com> - 2.4.7-1
+- Update to 2.4.7 (#1966688)
+- Fix domain parts in :scheme and :path fields (CVE-2021-39240, #1998196)
+- Fix spaces in the :method field (CVE-2021-39241, #1998198)
+- Fix mismatch between :authority and Host fields (CVE-2021-39242, #1998200)
+- Fix request smuggling attack or response splitting (CVE-2021-40346, #2000621)
+
 * Tue Aug 17 2021 Ryan O'Hara <rohara@redhat.com> - 2.4.3-1
 - Update to 2.4.3 (#1966688)