diff -Nru haproxy-2.0.29/debian/changelog haproxy-2.0.29/debian/changelog
--- haproxy-2.0.29/debian/changelog 2022-08-26 20:07:24.000000000 +0000
+++ haproxy-2.0.29/debian/changelog 2023-01-19 15:50:52.000000000 +0000
@@ -1,3 +1,12 @@
+haproxy (2.0.29-0ubuntu1.1) focal-security; urgency=medium
+
+ * SECURITY UPDATE: DoS via certain interim responses
+ - debian/patches/CVE-2023-0056.patch: refuse interim responses with
+ end-stream flag set in src/mux_h2.c.
+ - CVE-2023-0056
+
+ -- Marc Deslauriers Thu, 19 Jan 2023 10:50:52 -0500
+
 haproxy (2.0.29-0ubuntu1) focal; urgency=medium
 
  * New upstream release (LP: #1987914).
diff -Nru haproxy-2.0.29/debian/patches/CVE-2023-0056.patch haproxy-2.0.29/debian/patches/CVE-2023-0056.patch
--- haproxy-2.0.29/debian/patches/CVE-2023-0056.patch 1970-01-01 00:00:00.000000000 +0000
+++ haproxy-2.0.29/debian/patches/CVE-2023-0056.patch 2023-01-19 15:50:52.000000000 +0000
@@ -0,0 +1,39 @@
+Backport of:
+
+From 827a6299e6995c5c3ba620d8b7cbacdaef67f2c4 Mon Sep 17 00:00:00 2001
+From: Christopher Faulet
+Date: Thu, 22 Dec 2022 09:47:01 +0100
+Subject: [PATCH] BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream
+ flag set
+
+As state in RFC9113#8.1, HEADERS frame with the ES flag set that carries an
+informational status code is malformed. However, there is no test on this
+condition.
+
+On 2.4 and higher, it is hard to predict consequences of this bug because
+end of the message is only reported with a flag. But on 2.2 and lower, it
+leads to a crash because there is an unexpected extra EOM block at the end
+of an interim response.
+
+Now, when a ES flag is detected on a HEADERS frame for an interim message, a
+stream error is sent (RST_STREAM/PROTOCOL_ERROR).
+
+This patch should solve the issue #1972. It should be backported as far as
+2.0.
+---
+ src/mux_h2.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/src/mux_h2.c
++++ b/src/mux_h2.c
+@@ -3935,6 +3935,10 @@ next_frame:
+ *flags |= H2_SF_HEADERS_RCVD;
+
+ if ((h2c->dff & H2_F_HEADERS_END_STREAM)) {
++ if (msgf & H2_MSGF_RSP_1XX) {
++ /* RFC9113#8.1 : HEADERS frame with the ES flag set that carries an informational status code is malformed */
++ goto fail;
++ }
+ /* Mark the end of message, either using EOM in HTX or with the
+ * trailing CRLF after the end of trailers. Note that DATA_CHNK
+ * is not set during headers with END_STREAM. For HTX trailers,
diff -Nru haproxy-2.0.29/debian/patches/series haproxy-2.0.29/debian/patches/series
--- haproxy-2.0.29/debian/patches/series 2022-08-26 20:07:24.000000000 +0000
+++ haproxy-2.0.29/debian/patches/series 2023-01-19 15:48:15.000000000 +0000
@@ -1,3 +1,4 @@
 0002-Use-dpkg-buildflags-to-build-halog.patch
 haproxy.service-start-after-syslog.patch
 haproxy.service-add-documentation.patch
+CVE-2023-0056.patch
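Review bot: In the embedded src/mux_h2.c hunk of debian/patches/CVE-2023-0056.patch, the new `if (msgf & H2_MSGF_RSP_1XX)` branch leaves through `goto fail`, but the `fail` label and the rest of the function are outside the hunk, so nothing visible confirms that the 2.0 tree turns this into the RST_STREAM/PROTOCOL_ERROR stream error the commit message describes; since this is a backport, that path should be checked against 2.0 rather than assumed from the upstream branch. `*flags |= H2_SF_HEADERS_RCVD;` is set a few lines before the rejection, so it is also worth confirming that the failure path does not depend on that flag still being clear. The in-code comment would hold up better if it recorded the consequence as well as the rule, for example `/* RFC9113#8.1: a 1xx HEADERS frame with ES set is malformed; accepting it appended an extra EOM block and crashed on 2.2 and lower */`. No regression test accompanies the change, and a reg-test feeding an interim response with END_STREAM set would keep the check from being dropped in a later rebase of the patch series.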