diff -Nru haproxy-2.4.18/debian/changelog haproxy-2.4.18/debian/changelog
--- haproxy-2.4.18/debian/changelog 2022-08-25 18:52:23.000000000 +0000
+++ haproxy-2.4.18/debian/changelog 2023-01-19 15:47:52.000000000 +0000
@@ -1,3 +1,12 @@
+haproxy (2.4.18-0ubuntu1.1) jammy-security; urgency=medium
+
+ * SECURITY UPDATE: DoS via certain interim responses
+ - debian/patches/CVE-2023-0056.patch: refuse interim responses with
+ end-stream flag set in src/mux_h2.c.
+ - CVE-2023-0056
+
+ -- Marc Deslauriers Thu, 19 Jan 2023 10:47:52 -0500
+
 haproxy (2.4.18-0ubuntu1) jammy; urgency=medium
 
 * New upstream release (LP: #1987914). Major bug fixes according to the
diff -Nru haproxy-2.4.18/debian/patches/CVE-2023-0056.patch haproxy-2.4.18/debian/patches/CVE-2023-0056.patch
--- haproxy-2.4.18/debian/patches/CVE-2023-0056.patch 1970-01-01 00:00:00.000000000 +0000
+++ haproxy-2.4.18/debian/patches/CVE-2023-0056.patch 2023-01-19 15:47:45.000000000 +0000
@@ -0,0 +1,38 @@
+From 827a6299e6995c5c3ba620d8b7cbacdaef67f2c4 Mon Sep 17 00:00:00 2001
+From: Christopher Faulet
+Date: Thu, 22 Dec 2022 09:47:01 +0100
+Subject: [PATCH] BUG/MEDIUM: mux-h2: Refuse interim responses with end-stream
+ flag set
+
+As state in RFC9113#8.1, HEADERS frame with the ES flag set that carries an
+informational status code is malformed. However, there is no test on this
+condition.
+
+On 2.4 and higher, it is hard to predict consequences of this bug because
+end of the message is only reported with a flag. But on 2.2 and lower, it
+leads to a crash because there is an unexpected extra EOM block at the end
+of an interim response.
+
+Now, when a ES flag is detected on a HEADERS frame for an interim message, a
+stream error is sent (RST_STREAM/PROTOCOL_ERROR).
+
+This patch should solve the issue #1972. It should be backported as far as
+2.0.
+---
+ src/mux_h2.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/src/mux_h2.c
++++ b/src/mux_h2.c
+@@ -4940,6 +4940,11 @@ next_frame:
+ *flags |= H2_SF_HEADERS_RCVD;
+
+ if (h2c->dff & H2_F_HEADERS_END_STREAM) {
++ if (msgf & H2_MSGF_RSP_1XX) {
++ /* RFC9113#8.1 : HEADERS frame with the ES flag set that carries an informational status code is malformed */
++ TRACE_STATE("invalid interim response with ES flag!", H2_EV_RX_FRAME|H2_EV_RX_HDR|H2_EV_H2C_ERR|H2_EV_PROTO_ERR, h2c->conn);
++ goto fail;
++ }
+ /* no more data are expected for this message */
+ htx->flags |= HTX_FL_EOM;
+ }
diff -Nru haproxy-2.4.18/debian/patches/series haproxy-2.4.18/debian/patches/series
--- haproxy-2.4.18/debian/patches/series 2022-08-25 18:52:23.000000000 +0000
+++ haproxy-2.4.18/debian/patches/series 2023-01-19 15:47:45.000000000 +0000
@@ -4,3 +4,4 @@
 # applied during the build process:
 # debianize-dconv.patch
 reproducible.patch
+CVE-2023-0056.patch
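Review bot: In the src/mux_h2.c change carried by CVE-2023-0056.patch, the new `if (msgf & H2_MSGF_RSP_1XX)` branch only does `goto fail`, so the RST_STREAM/PROTOCOL_ERROR promised in the description is decided by the `fail` label and its callers, which lie outside the hunk. Since this is an upstream patch applied to the packaged 2.4.18 tree, it is worth confirming there that `fail` ends in a stream reset rather than a silent drop. `*flags |= H2_SF_HEADERS_RCVD;` has already run when the branch is taken, so the error path presumably has to tolerate a stream already marked as having received headers. No regression test comes with the fix; a test where the backend sends a 1xx HEADERS frame with END_STREAM and the stream is expected to be reset would pin the behaviour. I would also make the comment say what happens next, for example `/* RFC9113#8.1: 1xx HEADERS with ES set is malformed; "fail" is expected to end in a stream error */`.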