K 10
svn:author
V 5
leres
K 8
svn:date
V 27
2020-04-14T21:27:30.058255Z
K 7
svn:log
V 888
MFH: r531729

security/zeek: Update to 3.0.4 and address a remote crash vulnerability:

   https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS

 - Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
   remotely via crafted packet sequence.

Other fixes:

 - Fix use-after-free in Zeek lambda functions with uninitialized
   locals

 - Fix buffer overflow due to tables/records created at parse-time
   not rebuilt on record redef

 - Fix SMB NegotiateContextList parsing

 - Fix binpac flowbuffer frame length parsing doing too much bounds
   checking

 - Fix parsing ERSPAN III optional sub-header

 - Fix bug in intel indicator normalization

 - Fix connection duration thresholding

 - Fix X509Common.h header include for external plugins

 - Fix incorrect targeting of node-specific Broker/Cluster messages

Approved by:	ports-secteam (joneum)

END