Page MenuHomeFreeBSD

security/vuxml: Mark bro < 2.6.2 as vulnerable
ClosedPublic

Authored by leres on May 31 2019, 5:11 PM.

Details

Summary

Note: I would like to reference a url but I cannot find one on
zeek.org that says anything about this new version of vulnerability.

There is a CVE but it is just a placeholder right now.

Proposed commit message:

Mark bro < 2.6.2 as vulnerable as per an announcement to the
zeek@zeek.org mailing list.

The issue is unsafe integer conversions that can cause unintentional
code paths to be executed.

Reviewed by: ? (mentor)
Approved by: ? (mentor)
Differential Revision: ?
Security: CVE-2019-12175

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

leres created this revision.May 31 2019, 5:11 PM
leres updated this revision to Diff 58119.May 31 2019, 6:38 PM

Upstream updated their NEWS file, update the description cite
accordingly.

ler accepted this revision.May 31 2019, 6:57 PM

LGTM. These should fall under your implicit commit authority, FWIW.

This revision is now accepted and ready to land.May 31 2019, 6:57 PM
This revision was automatically updated to reflect the committed changes.