Ubuntu Security Notice 5063-1 - Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks.
f4e2e56ce46b97faa45cc84bab033f1a97ee95fad217db2dccffed7fe8c6e543