HAProxy Security Update (CVE-2023-25725) (mail-archive.com)
40 points by peanball on Feb 15, 2023 | 6 comments


CVE-2023-25725 on Debian: https://security-tracker.debian.org/tracker/CVE-2023-25725

It's fixed in 2.2.9-2+deb11u4.


Just to clarify some doubts, distro packages issued yesterday all have the fix in them even if the base version number appears older.


   Branch     Vulnerable               Fixed      Maintained until
   ---------+------------------------+----------+-----------------
   ...
   2.4        2.4.0 .. 2.4.21          2.4.12       2026-Q2 (LTS)
So 2.4 was fixed a long time ago? I just did an update and got 2.4.21, so I'm still vulnerable!


I think this was a typo in the table. 2.4.22 was released alongside the other fixed versions.


Confirmed, thanks for correcting me. Dealing with such reports across many versions and copy-pasting lots of data & Git commit IDs is extremely prone to failures, even after careful re-reading.


Please tell me this won't be part of phased updates.



