svn commit: r512245 - head/security/bro
Craig Leres
leres at FreeBSD.org
Tue Sep 17 23:13:58 UTC 2019
Author: leres
Date: Tue Sep 17 23:13:57 2019
New Revision: 512245
URL: https://svnweb.freebsd.org/changeset/ports/512245
Log:
security/bro: Update to 2.6.4 and address a potential Denial of
Service vulnerability:
https://raw.githubusercontent.com/zeek/zeek/3b5a9f88ece1d274edee897837e280ef751bde94/NEWS
- The NTLM analyzer did not properly handle AV Pair sequences that
were either empty or unterminated, resulting in invalid memory
access or heap buffer over-read. The NTLM analyzer is enabled
by default and used in the analysis of SMB, DCE/RPC, and GSSAPI
protocols.
Approved by: ler (mentor, implicit)
MFH: 2019Q3
Security: 55571619-454e-4769-b1e5-28354659e152
Modified:
head/security/bro/Makefile
head/security/bro/distinfo
Modified: head/security/bro/Makefile
==============================================================================
--- head/security/bro/Makefile Tue Sep 17 23:10:32 2019 (r512244)
+++ head/security/bro/Makefile Tue Sep 17 23:13:57 2019 (r512245)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= bro
-PORTVERSION= 2.6.3
+PORTVERSION= 2.6.4
CATEGORIES= security
MASTER_SITES= https://www.zeek.org/downloads/
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
Modified: head/security/bro/distinfo
==============================================================================
--- head/security/bro/distinfo Tue Sep 17 23:10:32 2019 (r512244)
+++ head/security/bro/distinfo Tue Sep 17 23:13:57 2019 (r512245)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1565320389
-SHA256 (bro-2.6.3.tar.gz) = 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f
-SIZE (bro-2.6.3.tar.gz) = 28480249
+TIMESTAMP = 1568760632
+SHA256 (bro-2.6.4.tar.gz) = a47a9cdcef0ea14d5f70c390ab266f0333063ff96f3869a5f1609581a1d1ceb7
+SIZE (bro-2.6.4.tar.gz) = 28481281
SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630
More information about the svn-ports-all
mailing list