Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
PUBLIC_REPOS
/
buildroot
zrkadlo git://git.buildroot.net/buildroot
2
1
Fork 0
Súbory
Prechádzať zdrojové kódy

package/syslog-ng: security bump to v4.8.3

See the release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.3

This fixes the following vulnerability:
- CVE-2024-47619:
    syslog-ng is an enhanced log daemo. Prior to version 4.8.2,
    `tls_wildcard_match()` matches on certificates such as `foo.*.bar`
    although that is not allowed. It is also possible to pass partial
    wildcards such as `foo.a*c.bar` which glib matches but should be
    avoided / invalidated. This issue could have an impact on TLS
    connections, such as in man-in-the-middle situations. Version 4.8.2
    contains a fix for the issue.
    https://www.cve.org/CVERecord?id=CVE-2024-47619

Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Titouan Christophe 3 mesiacov pred
rodič
89fd61a127
commit
7660818b4b
2 zmenil súbory, kde vykonal 2 pridanie a 2 odobranie
Rozdelené zobrazenie Ukázať štatistiku rozdielnych dát
  1. 1 1
      package/syslog-ng/syslog-ng.hash
  2. 1 1
      package/syslog-ng/syslog-ng.mk

+ 1 - 1
package/syslog-ng/syslog-ng.hash
Zobraziť súbor 

@@ -1,5 +1,5 @@
 
 # Locally computed
 
-sha256  e8b8b98c60a5b68b25e3462c4104c35d05b975e6778d38d8a81b8ff7c0e64c5b  syslog-ng-4.8.1.tar.gz
 
+sha256  f82732a8e639373037d2b69c0e6d5d6594290f0350350f7a146af4cd8ab9e2c7  syslog-ng-4.8.3.tar.gz
 
 sha256  d7d51f8d0f6ee9757a371080e7f5fa19ac73afbef14db6e981705cf1ec813d6b  COPYING
 
 sha256  ce3324c9f22299cfc7c281e5a6ab40fbe9c2ea1a67cee87226cb8cd39db1e1d2  GPL.txt
 
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  LGPL.txt

+ 1 - 1
package/syslog-ng/syslog-ng.mk
Zobraziť súbor 

@@ -6,7 +6,7 @@
 
 
 # When updating the version, please check at runtime if the version in
 
 # syslog-ng.conf header needs to be updated
 
-SYSLOG_NG_VERSION = 4.8.1
 
+SYSLOG_NG_VERSION = 4.8.3
 
 SYSLOG_NG_SITE = https://github.com/balabit/syslog-ng/releases/download/syslog-ng-$(SYSLOG_NG_VERSION)
 
 SYSLOG_NG_LICENSE = LGPL-2.1+ (syslog-ng core), GPL-2.0+ (modules)
 
 SYSLOG_NG_LICENSE_FILES = COPYING GPL.txt LGPL.txt