From: Lucas Gabriel Vuotto <lucas@sexy.is>
Subject: Re: net/haproxy 3.2.12 - CVE
To: Mark Patruck <mark@wrapped.cx>
Cc: ports@openbsd.org
Date: Thu, 12 Feb 2026 16:22:06 +0000

On Thu, Feb 12, 2026 at 03:55:26PM +0100, Mark Patruck wrote:
> Update to net/haproxy 3.2.12 released few hours ago addressing
> CVE-2026-26080 (Truncated variant loop).
> 
> Changelog: https://www.haproxy.org/download/3.2/src/CHANGELOG
> Infos: https://www.haproxy.com/blog/cves-2026-quic-denial-of-service

Tested with QUIC on both -current and -stable; committed. Thanks!