Re: Pull request - curl / daq

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Matthias Fischer <fischerm42@t-online.de>
To: development@lists.ipfire.org
Subject: Re: Pull request - curl / daq
Date: Sat, 27 Jun 2015 13:19:57 +0200	[thread overview]
Message-ID: <558E86DD.4020402@t-online.de> (raw)
In-Reply-To: <1435403148.13892.90.camel@ipfire.org>

[-- Attachment #1: Type: text/plain, Size: 1788 bytes --]

Hi,

On 27.06.2015 13:05, Michael Tremer wrote:
>> >curl - Update to 7.43.0:
>> >http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=bdb1c525340f70fbc7e00615e23c6e4e22bd07ed
> I merged this right away because it contains some security/stability
> fixes. You may include any CVE numbers in the commit message if there
> are any.

Sorry, I missed that. Next time, I know better. ;-)

Here they are, if still needed (excerpt from CHANGES):

Fixes:

http: do not leak basic auth credentials on re-used connections
CVE-2015-3236

test2040: verify basic auth on re-used connections
- SMB: rangecheck values read off incoming packet
CVE-2015-3237

- SMB: rangecheck values read off incoming packet
CVE-2015-3237

>...
>> >daq: Update to 2.0.5:
>> >http://git.ipfire.org/?p=people/mfischer/ipfire-2.x.git;a=commit;h=5d1f2fa5d266a19525eab1874c17feff571ac594
> Should we better ship this together with a snort update?

Yep. Don't know why I missed this one. I just saw it yesterday.

> Are there any urgent changes in here?
>

Hm, hard to tell for me - please judge for yourself (Excerpt from 
'ChangeLog'): ;-)

***SNIP***
Changes in 2.0.5 Release on 2015-04-22:
---------------------------------------
2015-04-22 18:58  jocornet

     * api/daq_common.h:
       Fixed build issue on windows.

2015-04-01 14:56 maltizer

     * configure.ac, os-daq-modules/Makefile.am,
       os-daq-modules/daq_dump.c, os-daq-modules/daq_netmap.c,
       os-daq-modules/daq_static_modules.h, sfbpf/Makefile.am:
       Fixed build issues on FreeBSD.
       Fixed overflowable snaplen in dump module.
       Fixed issues with netmap module.
***SNAP***

Perhaps, "overflowable snaplen" and "netmap" could be important!?

Regards
Matthias

     prev parent reply	other threads:[~2015-06-27 11:19 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-27 10:14 Matthias Fischer
2015-06-27 11:05 ` Michael Tremer
2015-06-27 11:19   ` Matthias Fischer [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=558E86DD.4020402@t-online.de \
    --to=fischerm42@t-online.de \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox