package/haproxy: security bump to version 2.0.14
- Fix CVE-2020-11100: In hpack_dht_insert in hpack-tbl.c in the HPACK
decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can
write arbitrary bytes around a certain location on the heap via a
crafted HTTP/2 request, possibly causing remote code execution.
https://www.mail-archive.com/haproxy@formilux.org/msg36877.html
- Update indentation of hash file (two spaces)
Furthermore, 2.0.11..2.0.13 contains a number of bugfixes.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2 files changed