234191 – security/bro: Update to 2.6.1 (Fixes Magellan vulnerability)

Bug 234191 - security/bro: Update to 2.6.1 (Fixes Magellan vulnerability)

Summary: security/bro: Update to 2.6.1 (Fixes Magellan vulnerability)

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Craig Leres

URL:
Keywords:	security

Depends on:
Blocks:	234112
	Show dependency tree / graph

Reported:	2018-12-20 02:21 UTC by Kubilay Kocak
Modified:	2018-12-21 07:33 UTC (History)
CC List:	0 users

See Also:

Flags:	leres: maintainer-feedback+ koobs: merge-quarterly+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kubilay Kocak freebsd_committer

2018-12-20 02:21:52 UTC

security/bro: Update to 2.6.1
  
   - Update the embedded SQLite library from 3.18.0 to 3.26.0 to
     address a remote code execution vulnerability ("Magellan").
  
   - Uses a bundled version of the actor-framework (caf) library so
     we can remove the port-local build for caf.
  
  Replace broctl-config.sh absolute symlink with a relative one.

---

Committed in ports r487823
VuXML committed in ports r487821

Pending MFH

Comment 1 Craig Leres freebsd_committer

2018-12-20 23:07:59 UTC

MFH handled by r487921.