Page MenuHomeFreeBSD

security/vuxml: Mark bro < 2.6.2 as vulnerable
ClosedPublic

Authored by leres on May 31 2019, 5:11 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 7 2024, 7:15 PM
Unknown Object (File)
Jan 4 2024, 5:07 AM
Unknown Object (File)
Dec 20 2023, 1:25 AM
Unknown Object (File)
Nov 19 2023, 2:47 AM
Unknown Object (File)
Nov 19 2023, 2:46 AM
Unknown Object (File)
Nov 19 2023, 1:51 AM
Unknown Object (File)
Nov 10 2023, 6:02 AM
Unknown Object (File)
Oct 9 2023, 9:14 PM
Subscribers

Details

Summary

Note: I would like to reference a url but I cannot find one on
zeek.org that says anything about this new version of vulnerability.

There is a CVE but it is just a placeholder right now.

Proposed commit message:

Mark bro < 2.6.2 as vulnerable as per an announcement to the
zeek@zeek.org mailing list.

The issue is unsafe integer conversions that can cause unintentional
code paths to be executed.

Reviewed by: ? (mentor)
Approved by: ? (mentor)
Differential Revision: ?
Security: CVE-2019-12175

Diff Detail

Repository
rP FreeBSD ports repository
Lint
No Lint Coverage
Unit
No Test Coverage
Build Status
Buildable 24624
Build 23405: arc lint + arc unit

Event Timeline

Upstream updated their NEWS file, update the description cite
accordingly.

LGTM. These should fall under your implicit commit authority, FWIW.

This revision is now accepted and ready to land.May 31 2019, 6:57 PM
This revision was automatically updated to reflect the committed changes.