You are correct, I used the wrong CVE ID. Will fix.

I will have to look into that. I am using the CVE #s that were provided to me by Red Hat security team.

This update has been unpushed.

BZ#1447085 Use KillMode=mixed in systemd service file

OK. I went back and tested the older haproxy build (haproxy-1.7.3-1.fc26.x86_64) and it also fails to start due to SELinux AVC, so this bug is not caused by this update.