git: e97ac1d5577a - main - security/zeek: Update to 7.0.3
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 05 Oct 2024 01:33:53 UTC
The branch main has been updated by leres:
URL: https://cgit.FreeBSD.org/ports/commit/?id=e97ac1d5577aa21d4eec693df5a608cb28526599
commit e97ac1d5577aa21d4eec693df5a608cb28526599
Author: Craig Leres <leres@FreeBSD.org>
AuthorDate: 2024-10-05 01:33:24 +0000
Commit: Craig Leres <leres@FreeBSD.org>
CommitDate: 2024-10-05 01:33:24 +0000
security/zeek: Update to 7.0.3
https://github.com/zeek/zeek/releases/tag/v7.0.3
This release fixes the following potential DoS vulnerability:
- Adding to the POP3 hardening in 7.0.2, the parser now simply
discards too many pending commands, rather than any attempting
to process them. Further, invalid server responses do not result
in command completion anymore. Processing out-of-order commands
or finishing commands based on invalid server responses could
result in inconsistent analyzer state, potentially triggering
null pointer references for crafted traffic.
Reported by: Tim Wojtulewicz
---
security/zeek/Makefile | 2 +-
security/zeek/distinfo | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/zeek/Makefile b/security/zeek/Makefile
index 3f7841c5239f..927e5cb64d40 100644
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -1,5 +1,5 @@
PORTNAME= zeek
-DISTVERSION= 7.0.2
+DISTVERSION= 7.0.3
CATEGORIES= security
MASTER_SITES= https://download.zeek.org/
diff --git a/security/zeek/distinfo b/security/zeek/distinfo
index f386e3a8ceef..f2b29e55f71b 100644
--- a/security/zeek/distinfo
+++ b/security/zeek/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1727154773
-SHA256 (zeek-7.0.2.tar.gz) = 3b40304a01059d08c732e8f24b34f0070ec716e266e69edb24ad96ceed064781
-SIZE (zeek-7.0.2.tar.gz) = 95828919
+TIMESTAMP = 1728089705
+SHA256 (zeek-7.0.3.tar.gz) = 029e389f5405d8831657202a7be542be756a8c5811bfaab7376c1c6b10e1d9e3
+SIZE (zeek-7.0.3.tar.gz) = 95797500