From: Peter Korsgaard <peter@korsgaard.com>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 2/2] package/suricata: security bump to version 6.0.14
Date: Thu, 28 Sep 2023 11:25:13 +0200
Message-ID: <87cyy2y7ie.fsf@48ers.dk>
In-Reply-To: <20230927200708.491826-2-fontaine.fabrice@gmail.com> (Fabrice Fontaine's message of "Wed, 27 Sep 2023 22:07:08 +0200")
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2023-35852: In Suricata before 6.0.13 (when there is an
> adversary who controls an external source of rules), a dataset
> filename, that comes from a rule, may trigger absolute or relative
> directory traversal, and lead to write access to a local filesystem.
> This is addressed in 6.0.13 by requiring allow-absolute-filenames and
> allow-write (in the datasets rules configuration section) if an
> installation requires traversal/writing in this situation.
> - Fix CVE-2023-35853: In Suricata before 6.0.13, an adversary who
> controls an external source of Lua rules may be able to execute Lua
> code. This is addressed in 6.0.13 by disabling Lua unless allow-rules
> is true in the security lua configuration section.
> - Drop first patch (not needed since
> https://github.com/OISF/suricata/commit/c8a3aa608eaae1acbaf33dba8a7c1a3cbfeb4285)
> https://github.com/OISF/suricata/blob/suricata-6.0.14/ChangeLog
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> .checkpackageignore | 3 +-
> ...ure-proper-shabang-on-python-scripts.patch | 47 -------------------
> ...low-the-user-to-override-RUST_TARGET.patch | 35 --------------
> package/suricata/suricata.hash | 2 +-
> package/suricata/suricata.mk | 5 +-
> 5 files changed, 4 insertions(+), 88 deletions(-)
> delete mode 100644 package/suricata/0001-python-ensure-proper-shabang-on-python-scripts.patch
> delete mode 100644 package/suricata/0002-configure.ac-allow-the-user-to-override-RUST_TARGET.patch
Hmm, did you mean to rename patch 0002 rather than delete it?
> diff --git a/.checkpackageignore b/.checkpackageignore
> index b41ab6918e..61de4d79a1 100644
> --- a/.checkpackageignore
> +++ b/.checkpackageignore
> @@ -1360,8 +1360,7 @@ package/statserial/0001-ncurses-link.patch Upstream
> package/stunnel/S50stunnel Indent Shellcheck Variables
> package/sudo/0001-configure.ac-fix-openssl-static-build.patch Upstream
> package/supervisor/S99supervisord Variables
> -package/suricata/0001-python-ensure-proper-shabang-on-python-scripts.patch Upstream
> -package/suricata/0002-configure.ac-allow-the-user-to-override-RUST_TARGET.patch Upstream
> +package/suricata/0001-configure.ac-allow-the-user-to-override-RUST_TARGET.patch Upstream
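Review bot: The `+` line in this hunk adds an ignore entry for package/suricata/0001-configure.ac-allow-the-user-to-override-RUST_TARGET.patch, but no file of that name appears anywhere in the patch: the diffstat shows only two `delete mode` lines (the 0001-python-... and 0002-configure.ac-... patches) and no rename or addition, so after this change .checkpackageignore would reference a patch that does not exist in the tree. Either the rename of 0002 to 0001 is missing from the series (in which case it should be included, and the commit message should mention the renumbering rather than only "Drop first patch"), or the RUST_TARGET patch is intentionally dropped and this `+` line should be removed as well.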
--
Bye, Peter Korsgaard