Date: Tue, 14 Apr 2020 20:55:15 +0000 (UTC) From: Craig Leres <leres@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r531729 - head/security/zeek Message-ID: <202004142055.03EKtFVl001915@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: leres Date: Tue Apr 14 20:55:15 2020 New Revision: 531729 URL: https://svnweb.freebsd.org/changeset/ports/531729 Log: security/zeek: Update to 3.0.4 and address a remote crash vulnerability: https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS - Fix stack overflow in POP3 analyzer. An attacker can crash Zeek remotely via crafted packet sequence. Other fixes: - Fix use-after-free in Zeek lambda functions with uninitialized locals - Fix buffer overflow due to tables/records created at parse-time not rebuilt on record redef - Fix SMB NegotiateContextList parsing - Fix binpac flowbuffer frame length parsing doing too much bounds checking - Fix parsing ERSPAN III optional sub-header - Fix bug in intel indicator normalization - Fix connection duration thresholding - Fix X509Common.h header include for external plugins - Fix incorrect targeting of node-specific Broker/Cluster messages MFH: 2020Q2 Modified: head/security/zeek/Makefile head/security/zeek/distinfo Modified: head/security/zeek/Makefile ============================================================================== --- head/security/zeek/Makefile Tue Apr 14 20:53:37 2020 (r531728) +++ head/security/zeek/Makefile Tue Apr 14 20:55:15 2020 (r531729) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= zeek -PORTVERSION= 3.0.3 -PORTREVISION= 1 +PORTVERSION= 3.0.4 CATEGORIES= security MASTER_SITES= https://old.zeek.org/downloads/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} Modified: head/security/zeek/distinfo ============================================================================== --- head/security/zeek/distinfo Tue Apr 14 20:53:37 2020 (r531728) +++ head/security/zeek/distinfo Tue Apr 14 20:55:15 2020 (r531729) @@ -1,5 +1,5 @@ -TIMESTAMP = 1584248063 -SHA256 (zeek-3.0.3.tar.gz) = 42a178cc9d28e4f20373e415727845a2c52bacdab535d6f810fe2d3cd02e9c76 -SIZE (zeek-3.0.3.tar.gz) = 29270043 +TIMESTAMP = 1586896367 +SHA256 (zeek-3.0.4.tar.gz) = 73d609dde02936a8711f0bdede7e1143ad27693253a2ee0ca3d18560ca752207 +SIZE (zeek-3.0.4.tar.gz) = 29329199 SHA256 (bro-bro-netmap-f3620df_GH0.tar.gz) = e51f420781c9a01b0494f93d82f94a1b045725c1cff406c33887974a9940c655 SIZE (bro-bro-netmap-f3620df_GH0.tar.gz) = 24661
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202004142055.03EKtFVl001915>