Update CHANGES, VERSION, and NEWS for 7.0.3 release

Christian Kreibich 2024-10-04 15:42:14 -07:00
parent ea44c30272
commit 7a73f81792
3 changed files with 20 additions and 1 deletions


@ -1,3 +1,7 @@
7.0.3 | 2024-10-04 15:42:14 -0700
* Update CHANGES, VERSION, and NEWS for 7.0.3 release (Christian Kreibich, Corelight)
7.0.2-5 | 2024-10-04 10:46:01 -0700 7.0.2-5 | 2024-10-04 10:46:01 -0700
* Merge remote-tracking branch 'security/topic/awelzel/215-pop3-mail-null-deref' (Christian Kreibich, Corelight) * Merge remote-tracking branch 'security/topic/awelzel/215-pop3-mail-null-deref' (Christian Kreibich, Corelight)

15
NEWS

@ -3,6 +3,21 @@ This document summarizes the most important changes in the current Zeek
release. For an exhaustive list of changes, see the ``CHANGES`` file release. For an exhaustive list of changes, see the ``CHANGES`` file
(note that submodules, such as Broker, come with their own ``CHANGES``.) (note that submodules, such as Broker, come with their own ``CHANGES``.)
Zeek 7.0.3
==========
This release fixes the following security issue:
- Adding to the POP3 hardening in 7.0.2, the parser now simply discards too many
pending commands, rather than any attempting to process them. Further, invalid
server responses do not result in command completion anymore. Processing
out-of-order commands or finishing commands based on invalid server responses
could result in inconsistent analyzer state, potentially triggering null
pointer references for crafted traffic.
This release ships with Spicy 1.11.3, a bugfix release. Please refer to its
release notes for details.
Zeek 7.0.2 Zeek 7.0.2
========== ==========
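Review bot: The added Zeek 7.0.3 NEWS paragraph has two wording problems in its POP3 bullet: "rather than any attempting to process them" carries a stray "any", and "null pointer references" should read "null pointer dereferences", which is also what the merged branch name in CHANGES (215-pop3-mail-null-deref) calls it. The phrase "discards too many pending commands" is also ambiguous, since it does not say that a limit on pending commands exists or what happens once it is reached. Something like "the parser now discards pending commands beyond its limit rather than attempting to process them" would tell an operator what behaviour changed. Since the section is introduced as fixing a security issue, it would help readers if the bullet pointed at the corresponding advisory or issue, if one is public.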


@ -1 +1 @@
7.0.2-5 7.0.3