Buildroot Archive on lore.kernel.org
* [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.48
@ 2024-05-06  8:19 Fabrice Fontaine
  2024-05-06  8:19 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 6.0.19 Fabrice Fontaine
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Fabrice Fontaine @ 2024-05-06  8:19 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

Fix CVE-2024-23837 and CVE-2024-28871

https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
https://github.com/OISF/libhtp/blob/0.5.48/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/libhtp/libhtp.hash | 2 +-
 package/libhtp/libhtp.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/libhtp/libhtp.hash b/package/libhtp/libhtp.hash
index c016cb3439..1809bc93a3 100644
--- a/package/libhtp/libhtp.hash
+++ b/package/libhtp/libhtp.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  d4214f94522fa5a1ec1909dbb52831c534788d93bc6b2ca8252de9332b11b606  libhtp-0.5.45.tar.gz
+sha256  7f0719732fd0c82f9915e3df27e31548798590ad624fbad24f58b50885248ab8  libhtp-0.5.48.tar.gz
 sha256  87c93904e5434c81622ea690c2b90097b9f162aaa92a96542649a157dbf98d15  LICENSE
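Review bot: the new sha256 line for libhtp-0.5.48.tar.gz stays under the unchanged "# Locally computed:" comment, so the only integrity anchor for this security bump is the submitter's own download of the GitHub-generated archive. Please say in the commit message how the tarball was checked against the 0.5.48 tag (for example by comparing its contents with a fresh checkout of that tag), so a reviewer can reproduce the hash independently before applying. The unchanged LICENSE hash is consistent with no licence text change between 0.5.45 and 0.5.48.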
diff --git a/package/libhtp/libhtp.mk b/package/libhtp/libhtp.mk
index 8a732d1d5c..8735f593d9 100644
--- a/package/libhtp/libhtp.mk
+++ b/package/libhtp/libhtp.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBHTP_VERSION = 0.5.45
+LIBHTP_VERSION = 0.5.48
 LIBHTP_SITE = $(call github,OISF,libhtp,$(LIBHTP_VERSION))
 LIBHTP_LICENSE = BSD-3-Clause
 LIBHTP_LICENSE_FILES = LICENSE
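Review bot: the LIBHTP_VERSION line moves three patch levels at once (0.5.45 to 0.5.48), while the commit message names CVE-2024-23837 and CVE-2024-28871 without saying which upstream version fixed which. Mapping each CVE to its fixing version in the commit message would make the backport decision for stable branches easier to audit. Since nothing else in the visible context changes, it is also worth confirming that the intermediate releases need no build-option changes.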
-- 
2.43.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* [Buildroot] [PATCH 2/2] package/suricata: security bump to version 6.0.19
  2024-05-06  8:19 [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.48 Fabrice Fontaine
@ 2024-05-06  8:19 ` Fabrice Fontaine
  2024-05-27  5:58   ` Peter Korsgaard
  2024-05-06 19:33 ` [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.48 Thomas Petazzoni via buildroot
  2024-05-27  5:57 ` Peter Korsgaard
  2 siblings, 1 reply; 5+ messages in thread
From: Fabrice Fontaine @ 2024-05-06  8:19 UTC (permalink / raw)
  To: buildroot; +Cc: Fabrice Fontaine

Fixes:
 - CVE-2024-23839 - Critical severity
 - CVE-2024-23836 - Critical severity
 - CVE-2024-23835 - High severity
 - CVE-2024-24568 - Moderate severity
 - CVE-2024-28870 - HIGH
 - CVE-2024-32663 CRITICAL (HIGH for 6.0.x)
 - CVE-2024-32664 CRITICAL (HIGH for 7.0.x)
 - CVE-2024-32867 MODERATE

https://forum.suricata.io/t/suricata-7-0-3-and-6-0-16-released/4468
https://forum.suricata.io/t/suricata-7-0-4-and-6-0-17-released/4534
https://forum.suricata.io/t/suricata-6-0-18-released/4539
https://forum.suricata.io/t/suricata-7-0-5-and-6-0-19-released/4617

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/suricata/suricata.hash | 2 +-
 package/suricata/suricata.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/suricata/suricata.hash b/package/suricata/suricata.hash
index 41befa61b9..58ab0d93b0 100644
--- a/package/suricata/suricata.hash
+++ b/package/suricata/suricata.hash
@@ -1,5 +1,5 @@
 # Locally computed:
-sha256  1bd546149ac6671c2476d520a38eab7755e10c3080fd2ec2dc8624b0cf89ee75  suricata-6.0.15.tar.gz
+sha256  98c812faef466d337f107f13ae37843f1c719942b93832d70f1a2fd7ee1b5c2c  suricata-6.0.19.tar.gz
 
 # Hash for license files:
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
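Review bot: the replacement sha256 for suricata-6.0.19.tar.gz is still described only as "# Locally computed:", with no reference to anything published by upstream. SURICATA_SITE points at the project's own download server, so if a detached signature or checksum is offered there, please verify the tarball against it and say so in the comment (Buildroot hash files usually record this, e.g. "Locally computed after checking pgp signature"). For a bump whose purpose is fixing CVEs, an independently verifiable source hash matters more than usual.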
diff --git a/package/suricata/suricata.mk b/package/suricata/suricata.mk
index 5b52635328..2083e0caba 100644
--- a/package/suricata/suricata.mk
+++ b/package/suricata/suricata.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SURICATA_VERSION = 6.0.15
+SURICATA_VERSION = 6.0.19
 SURICATA_SITE = https://www.openinfosecfoundation.org/download
 SURICATA_LICENSE = GPL-2.0
 SURICATA_LICENSE_FILES = COPYING LICENSE
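Review bot: nothing around the SURICATA_VERSION change ties 6.0.19 to the libhtp bump in patch 1/2, yet the two are sent as one series. Please state in the commit message whether 6.0.19 requires libhtp 0.5.48, so that the two patches are applied and backported together rather than separately. The single-line change also spans four upstream releases (6.0.15 to 6.0.19), so a short confirmation that no configure options or dependencies changed in between would help; the entry "CVE-2024-32664 CRITICAL (HIGH for 7.0.x)" in the message should be double-checked against the release announcement, since this package tracks 6.0.x.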
-- 
2.43.0


* Re: [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.48
  2024-05-06  8:19 [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.48 Fabrice Fontaine
  2024-05-06  8:19 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 6.0.19 Fabrice Fontaine
@ 2024-05-06 19:33 ` Thomas Petazzoni via buildroot
  2024-05-27  5:57 ` Peter Korsgaard
  2 siblings, 0 replies; 5+ messages in thread
From: Thomas Petazzoni via buildroot @ 2024-05-06 19:33 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

On Mon,  6 May 2024 10:19:58 +0200
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Fix CVE-2024-23837 and CVE-2024-28871
> 
> https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
> https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
> https://github.com/OISF/libhtp/blob/0.5.48/ChangeLog
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/libhtp/libhtp.hash | 2 +-
>  package/libhtp/libhtp.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Both applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

* Re: [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.48
  2024-05-06  8:19 [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.48 Fabrice Fontaine
  2024-05-06  8:19 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 6.0.19 Fabrice Fontaine
  2024-05-06 19:33 ` [Buildroot] [PATCH 1/2] package/libhtp: security bump to version 0.5.48 Thomas Petazzoni via buildroot
@ 2024-05-27  5:57 ` Peter Korsgaard
  2 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2024-05-27  5:57 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fix CVE-2024-23837 and CVE-2024-28871
 > https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
 > https://github.com/OISF/libhtp/security/advisories/GHSA-ffr2-45w9-7wmg
 > https://github.com/OISF/libhtp/blob/0.5.48/ChangeLog

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2024.02.x, thanks.

-- 
Bye, Peter Korsgaard

* Re: [Buildroot] [PATCH 2/2] package/suricata: security bump to version 6.0.19
  2024-05-06  8:19 ` [Buildroot] [PATCH 2/2] package/suricata: security bump to version 6.0.19 Fabrice Fontaine
@ 2024-05-27  5:58   ` Peter Korsgaard
  0 siblings, 0 replies; 5+ messages in thread
From: Peter Korsgaard @ 2024-05-27  5:58 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Fixes:
 >  - CVE-2024-23839 - Critical severity
 >  - CVE-2024-23836 - Critical severity
 >  - CVE-2024-23835 - High severity
 >  - CVE-2024-24568 - Moderate severity
 >  - CVE-2024-28870 - HIGH
 >  - CVE-2024-32663 CRITICAL (HIGH for 6.0.x)
 >  - CVE-2024-32664 CRITICAL (HIGH for 7.0.x)
 >  - CVE-2024-32867 MODERATE

 > https://forum.suricata.io/t/suricata-7-0-3-and-6-0-16-released/4468
 > https://forum.suricata.io/t/suricata-7-0-4-and-6-0-17-released/4534
 > https://forum.suricata.io/t/suricata-6-0-18-released/4539
 > https://forum.suricata.io/t/suricata-7-0-5-and-6-0-19-released/4617

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2024.02.x, thanks.

-- 
Bye, Peter Korsgaard