openSUSE has issued an advisory today (September 7): https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z6TTUW6SSY2VZZGE3CPYLSNSIBVPT2RR/ The issue is fixed upstream in 2.4.4: https://www.haproxy.org/download/2.4/src/CHANGELOG https://www.haproxy.com/blog/september-2021-duplicate-content-length-header-fixed/ https://www.mail-archive.com/haproxy@formilux.org/msg41114.html https://www.mail-archive.com/haproxy@formilux.org/msg41115.html
Status comment: (none) => Fixed upstream in 2.4.4CC: (none) => jani.valimaa
Debian has issued an advisory for this on September 7: https://www.debian.org/security/2021/dsa-4968 Ubuntu has issued an advisory for this today (September 8): https://ubuntu.com/security/notices/USN-5063-1
Fedora has issued an advisory for this today (September 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/A7V2IYO22LWVBGUNZWVKNTMDV4KINLFO/
Severity: normal => major
Status: NEW => ASSIGNED
2.4.4 pushed to cauldron
haproxy-2.4.4-1.mga9 uploaded for Cauldron by Bruno.
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED