diff options
author | Rainer Gerhards <rgerhards@adiscon.com> | 2011-08-30 15:35:02 +0200 |
---|---|---|
committer | Rainer Gerhards <rgerhards@adiscon.com> | 2011-08-30 15:35:02 +0200 |
commit | 645a8541d5bbd7cfc0dd9e9f434cce280acf7af8 (patch) | |
tree | b388099c17ffba05be37e8cc679aec315fc64cbb /ChangeLog | |
parent | 154747929f87010b444af2d552f980daafe451e6 (diff) | |
parent | d654e51e2c54e6042a73ee6c95062c916161cdbe (diff) | |
download | rsyslog-645a8541d5bbd7cfc0dd9e9f434cce280acf7af8.tar.gz rsyslog-645a8541d5bbd7cfc0dd9e9f434cce280acf7af8.tar.xz rsyslog-645a8541d5bbd7cfc0dd9e9f434cce280acf7af8.zip |
Merge branch 'v4-stable' into v5-stable
Conflicts:
ChangeLog
tools/syslogd.c
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -1,5 +1,6 @@ --------------------------------------------------------------------------- -Version 5.8.5 [V5-stable] (rgerhards/al), 2011-??-?? +Version 5.8.5 [V5-stable] (rgerhards/al), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential hang condition during tag emulation - bugfix: too-early string termination during tag emulation - bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) @@ -869,11 +870,13 @@ Version 4.7.0 [v4-devel] (rgerhards), 2010-04-14 Thanks for varmojfekoj for pointing me at this bug. - imported changes from 4.5.6 and below --------------------------------------------------------------------------- -Version 4.6.8 [v4-stable] (rgerhards), 2011-??-?? +Version 4.6.8 [v4-stable] (rgerhards), 2011-09-01 +- bugfix/security: off-by-two bug in legacy syslog parser, CVE-2011-3200 - bugfix: potential misadressing in property replacer -- bugfix: memcpy overflow can occur in allowed sender checkig +- bugfix: memcpy overflow can occur in allowed sender checking if a name is resolved to IPv4-mapped-on-IPv6 address Found by Ismail Dönmez at suse +- bugfix: The NUL-Byte for the syslogtag was not copied in MsgDup (msg.c) --------------------------------------------------------------------------- Version 4.6.7 [v4-stable] (rgerhards), 2011-07-11 - added support for the ":omusrmsg:" syntax in configuring user messages |