Date: Wed, 21 Apr 2021 21:43:56 GMT
From: Craig Leres <leres@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 53d0f5e5bcd4 - main - security/vuxml: Mark zeek < 4.0.1 as vulnerable as per:
Message-ID: <202104212143.13LLhu5Y022334@gitrepo.freebsd.org>
The branch main has been updated by leres: URL: https://cgit.FreeBSD.org/ports/commit/?id=53d0f5e5bcd4f652fdb8f2b4d0b0e2b03e2526d1 commit 53d0f5e5bcd4f652fdb8f2b4d0b0e2b03e2526d1 Author: Craig Leres <leres@FreeBSD.org> AuthorDate: 2021-04-21 21:40:41 +0000 Commit: Craig Leres <leres@FreeBSD.org> CommitDate: 2021-04-21 21:40:41 +0000 security/vuxml: Mark zeek < 4.0.1 as vulnerable as per: https://github.com/zeek/zeek/releases/tag/v4.0.1 Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum]. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability. --- security/vuxml/vuln.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 302670fcd1c1..22a8c6b74cd5 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -76,6 +76,35 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="bc83cfc9-42cf-4b00-97ad-d352ba0c5e2b"> + <topic>zeek -- null-pointer dereference vulnerability</topic> + <affects> + <package> + <name>zeek</name> + <range><lt>4.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jon Siwek of Corelight reports:</p> + <blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.1"> + <p>Fix null-pointer dereference when encountering an + invalid enum name in a config/input file that tries to + read it into a set[enum]. For those that have such an + input feed whose contents may come from external/remote + sources, this is a potential DoS vulnerability. </p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/zeek/zeek/releases/tag/v4.0.1</url> + </references> + <dates> + <discovery>2021-04-01</discovery> + <entry>2021-04-21</entry> + </dates> + </vuln> + <vuln vid="efb965be-a2c0-11eb-8956-1951a8617e30"> <topic>openvpn -- deferred authentication can be bypassed in specific circumstances</topic> <affects>
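Review bot: the `<range>` under `<affects>` carries only `<lt>4.0.1</lt>`, so every zeek package version below 4.0.1 is flagged, while the quoted release note does not say in which version the defect first appeared. If the first affected version is known, add a `<ge>` bound; if it is not, the open-ended range is the conservative choice and can stay. In `<references>` only the release URL is listed; if a CVE identifier has been assigned for this issue, a `<cvename>` element belongs there so the entry can be matched against other feeds. Minor style point: the blockquote paragraph ends with a stray space before `</p>` ("DoS vulnerability. </p>"), which can be dropped.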