Candidate: CVE-2014-6269
PublicDate: 2014-09-30 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6269
 http://article.gmane.org/gmane.comp.web.haproxy/17726
 http://article.gmane.org/gmane.comp.web.haproxy/18097
Description:
 Multiple integer overflows in the http_request_forward_body function in
 proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to
 cause a denial of service (crash) via a large stream of data, which
 triggers a buffer overflow and an out-of-bounds read.
Ubuntu-Description:
Notes:
 jdstrand> per upstream only 1.5-dev23 and higher
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_haproxy:
 other: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c
upstream_haproxy: released (1.5.4-1)
lucid_haproxy: not-affected
precise_haproxy: not-affected
trusty_haproxy: not-affected (1.4.24-2)
trusty/esm_haproxy: DNE (trusty was not-affected [1.4.24-2])
devel_haproxy: not-affected (1.5.4-1)