From e4fb89322bb15f9c25025955804b160510834f88 Mon Sep 17 00:00:00 2001 From: Craig Leres Date: Wed, 18 Sep 2019 17:16:16 +0000 Subject: MFH: r512245 security/bro: Update to 2.6.4 and address a potential Denial of Service vulnerability: https://raw.githubusercontent.com/zeek/zeek/3b5a9f88ece1d274edee897837e280ef751bde94/NEWS - The NTLM analyzer did not properly handle AV Pair sequences that were either empty or unterminated, resulting in invalid memory access or heap buffer over-read. The NTLM analyzer is enabled by default and used in the analysis of SMB, DCE/RPC, and GSSAPI protocols. Approved by: ler (mentor, implicit) Security: 55571619-454e-4769-b1e5-28354659e152 Approved by: ports-secteam (miwi) --- security/bro/Makefile | 2 +- security/bro/distinfo | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/security/bro/Makefile b/security/bro/Makefile index d48a7074f3e1..6b642c3721e8 100644 --- a/security/bro/Makefile +++ b/security/bro/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= bro -PORTVERSION= 2.6.3 +PORTVERSION= 2.6.4 CATEGORIES= security MASTER_SITES= https://www.zeek.org/downloads/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} diff --git a/security/bro/distinfo b/security/bro/distinfo index 3a6f2d77cbb6..62c9aa4e382e 100644 --- a/security/bro/distinfo +++ b/security/bro/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1565320389 -SHA256 (bro-2.6.3.tar.gz) = 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f -SIZE (bro-2.6.3.tar.gz) = 28480249 +TIMESTAMP = 1568760632 +SHA256 (bro-2.6.4.tar.gz) = a47a9cdcef0ea14d5f70c390ab266f0333063ff96f3869a5f1609581a1d1ceb7 +SIZE (bro-2.6.4.tar.gz) = 28481281 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630 -- cgit v1.2.3