Created attachment 251743
Patch to update

This fixes an issue that causes Krill to panic if a CA with multiple parents and children have one of their parents removed, causing the children to try and revoke their certificates for that parent. This is relevant for Krill instances under NIC.br that themselves have children.

In addition, the releases update the HTTP library to avoid a possible denial-of-service attack described in RUSTSEC-2024-0332. If you are exposing Krill’s HTTP server directly to the Internet without a reverse proxy such as Nginx in between, we advise you to update at your earliest convenience.

Version 0.14.5 in addition fixes an issue with encoding empty CRLs and empty RRDP deltas as well as a possible freeze when trying to access the RIS data while it is being downloaded. It also adds support for overriding the manifest number for trust anchor CAs.

The complete list of changes can be found in the release notes at https://github.com/NLnetLabs/krill/releases/tag/v0.14.5
This fixes CVE-2023-0158. Note to self: Add VuXML entry.
(In reply to Fernando Apesteguía from comment #1) OK, already in the database.
Committed, Thanks!
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=e658a380968d8cafe0d1fa13cde03a5090fcf62f

commit e658a380968d8cafe0d1fa13cde03a5090fcf62f
Author:     Jaap Akkerhuis <jaap@NLnetLabs.nl>
AuthorDate: 2024-06-28 17:54:01 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-06-29 18:33:54 +0000

    net/krill: Update to version 0.14.5

    ChangeLog: https://nlnetlabs.nl/news/2024/Jun/27/krill-0.13.2-0.14.5-released/

    Not merging to quarterly since the branching of the ports tree is very
    near.

    PR:             280035
    Reported by:    jaap@NLnetLabs.nl (maintainer)

 net/krill/Makefile        |   3 +-
 net/krill/Makefile.crates | 421 ++++++++++++-----------
 net/krill/distinfo        | 850 ++++++++++++++++++++++++----------------------
 3 files changed, 664 insertions(+), 610 deletions(-)