Date: Fri, 3 Jun 2022 17:33:11 GMT
From: Craig Leres <leres@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: c9acdf933e94 - main - security/vuxml: Mark zeek < 4.0.7 as vulnerable as per:
Message-ID: <202206031733.253HXBnH092074@gitrepo.freebsd.org>
The branch main has been updated by leres: URL: https://cgit.FreeBSD.org/ports/commit/?id=c9acdf933e94c26c41822c0878ca111cece7129c commit c9acdf933e94c26c41822c0878ca111cece7129c Author: Craig Leres <leres@FreeBSD.org> AuthorDate: 2022-06-03 17:32:46 +0000 Commit: Craig Leres <leres@FreeBSD.org> CommitDate: 2022-06-03 17:32:46 +0000 security/vuxml: Mark zeek < 4.0.7 as vulnerable as per: https://github.com/zeek/zeek/releases/tag/v4.0.7 - Fix potential hang in the DNS analyzer when receiving a specially-crafted packet. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability. Reported by: Tim Wojtulewicz --- security/vuxml/vuln-2022.xml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index a88619e15f72..68e40da62a96 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,31 @@ + <vuln vid="204f1a7a-43df-412f-ad25-7dbe88f54fa4"> + <topic>zeek -- potential DoS vulnerabilty</topic> + <affects> + <package> + <name>zeek</name> + <range><lt>4.0.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tim Wojtulewicz of Corelight reports:</p> + <blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.7"> + <p> Fix potential hang in the DNS analyzer when receiving + a specially-crafted packet. Due to the possibility of + this happening with packets received from the network, + this is a potential DoS vulnerability. </p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/zeek/zeek/releases/tag/v4.0.7</url> + </references> + <dates> + <discovery>2022-06-01</discovery> + <entry>2022-06-03</entry> + </dates> + </vuln> + <vuln vid="40e2c35e-db99-11ec-b0cf-3065ec8fd3ec"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
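Review bot: The `<topic>` line of the new zeek entry misspells "vulnerability" as "vulnerabilty"; it should read `<topic>zeek -- potential DoS vulnerability</topic>`, otherwise a text search for the correct spelling will miss this entry. The `<range>` gives only `<lt>4.0.7</lt>` with no lower bound, so every earlier zeek package version is marked affected; the quoted release note names no first affected version, so this is the conservative reading, but it is worth confirming that it is intended. The `<p>` inside the `<blockquote>` has stray spaces after the opening tag and before the closing tag, which could be trimmed. The `<references>` block carries only the release URL; if an advisory or CVE identifier exists for this fix, it belongs there as well.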