Summary: | net/krill: Update to 0.12.1 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Jaap Akkerhuis <jaap> | ||||
Component: | Individual Port(s) | Assignee: | Fernando Apesteguía <fernape> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | fernape, ports-secteam | ||||
Priority: | --- | Keywords: | security | ||||
Version: | Latest | Flags: | fernape:
merge-quarterly+
|
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
URL: | https://www.nlnetlabs.nl/news/2023/Jan/17/krill.0.12.1-released/ | ||||||
Attachments: |
|
Description
Jaap Akkerhuis
2023-01-19 12:08:38 UTC
Note to self: VuXML entry A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=bb104a8ee1912bb409408601e479658e5c9f0f60 commit bb104a8ee1912bb409408601e479658e5c9f0f60 Author: Jaap Akkerhuis <jaap@NLnetLabs.nl> AuthorDate: 2023-01-21 17:10:44 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-23 13:17:33 +0000 net/krill: Update to 0.12.1 ChangeLog: https://www.nlnetlabs.nl/news/2023/Jan/17/krill.0.12.1-released/ Firstly, this release fixes [CVE-2023-0158](https://nlnetlabs.nl/downloads/routinator/CVE-2023-0158.txt) Secondly, locking was added in this release to ensure that updates to the repository content are always applied sequentially. This fixes a concurrency issue introduced in Krill 0.12.0 that could result in rejecting an update from a publishing CA. PR: 269050 Reported by: jaap@NLnetLabs.nl (maintainer) MFH: 2023Q1 (security fix) Security: CVE-2023-0158 net/krill/Makefile | 275 +--------------------------------------- net/krill/Makefile.crates (new) | 272 +++++++++++++++++++++++++++++++++++++++ net/krill/distinfo | 8 +- 3 files changed, 278 insertions(+), 277 deletions(-) A commit in branch 2023Q1 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=53a33b88798e029ce9134f58e2c176e2f6d469ab commit 53a33b88798e029ce9134f58e2c176e2f6d469ab Author: Jaap Akkerhuis <jaap@NLnetLabs.nl> AuthorDate: 2023-01-21 17:10:44 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-23 13:19:09 +0000 net/krill: Update to 0.12.1 ChangeLog: https://www.nlnetlabs.nl/news/2023/Jan/17/krill.0.12.1-released/ Firstly, this release fixes [CVE-2023-0158](https://nlnetlabs.nl/downloads/routinator/CVE-2023-0158.txt) Secondly, locking was added in this release to ensure that updates to the repository content are always applied sequentially. This fixes a concurrency issue introduced in Krill 0.12.0 that could result in rejecting an update from a publishing CA. PR: 269050 Reported by: jaap@NLnetLabs.nl (maintainer) MFH: 2023Q1 (security fix) Security: CVE-2023-0158 (cherry picked from commit bb104a8ee1912bb409408601e479658e5c9f0f60) net/krill/Makefile | 275 +--------------------------------------- net/krill/Makefile.crates (new) | 272 +++++++++++++++++++++++++++++++++++++++ net/krill/distinfo | 8 +- 3 files changed, 278 insertions(+), 277 deletions(-) A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=6451492b53545e19bc2761229143294c6503de8f commit 6451492b53545e19bc2761229143294c6503de8f Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2023-01-23 13:16:35 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2023-01-23 13:20:06 +0000 security/vuxml: register net/krill DoS vulnerability CVE-2023-0158 PR: 269050 security/vuxml/vuln/2023.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) Committed and merged to 2023Q1, Thanks! |