git: e97ac1d5577a - main - security/zeek: Update to 7.0.3
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 05 Oct 2024 01:33:53 UTC
The branch main has been updated by leres: URL: https://cgit.FreeBSD.org/ports/commit/?id=e97ac1d5577aa21d4eec693df5a608cb28526599 commit e97ac1d5577aa21d4eec693df5a608cb28526599 Author: Craig Leres <leres@FreeBSD.org> AuthorDate: 2024-10-05 01:33:24 +0000 Commit: Craig Leres <leres@FreeBSD.org> CommitDate: 2024-10-05 01:33:24 +0000 security/zeek: Update to 7.0.3 https://github.com/zeek/zeek/releases/tag/v7.0.3 This release fixes the following potential DoS vulnerability: - Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many pending commands, rather than any attempting to process them. Further, invalid server responses do not result in command completion anymore. Processing out-of-order commands or finishing commands based on invalid server responses could result in inconsistent analyzer state, potentially triggering null pointer references for crafted traffic. Reported by: Tim Wojtulewicz --- security/zeek/Makefile | 2 +- security/zeek/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/security/zeek/Makefile b/security/zeek/Makefile index 3f7841c5239f..927e5cb64d40 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,5 +1,5 @@ PORTNAME= zeek -DISTVERSION= 7.0.2 +DISTVERSION= 7.0.3 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ diff --git a/security/zeek/distinfo b/security/zeek/distinfo index f386e3a8ceef..f2b29e55f71b 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1727154773 -SHA256 (zeek-7.0.2.tar.gz) = 3b40304a01059d08c732e8f24b34f0070ec716e266e69edb24ad96ceed064781 -SIZE (zeek-7.0.2.tar.gz) = 95828919 +TIMESTAMP = 1728089705 +SHA256 (zeek-7.0.3.tar.gz) = 029e389f5405d8831657202a7be542be756a8c5811bfaab7376c1c6b10e1d9e3 +SIZE (zeek-7.0.3.tar.gz) = 95797500