package/rsyslog: security bump to version 8.2204.1

Fix CVE-2022-24903: Modules for TCP syslog reception have a heap buffer
overflow when octet-counted framing is used. The attacker can corrupt
heap values, leading to data integrity issues and availability impact.
Remote code execution is unlikely to happen but not impossible.

https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
https://github.com/rsyslog/rsyslog/blob/v8.2204.1/ChangeLog

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine 2022-05-21 17:28:24 +02:00 committed by Thomas Petazzoni
parent 9eeb5cd96d
commit bc469ee632
2 changed files with 2 additions and 2 deletions


@ -1,5 +1,5 @@
# From http://www.rsyslog.com/downloads/download-v8-stable/
sha256 19b232f765c4ba7a35b91ef1f5f9af775f6ff78ef56bb7737a2ce79ccbb32b98 rsyslog-8.2010.0.tar.gz
sha256 a6d731e46ad3d64f6ad4b19bbf1bf56ca4760a44a24bb96823189dc2e71f7028 rsyslog-8.2204.1.tar.gz
# Locally calculated
sha256 054b3a047d9232376a46b87356b19b0c0c2924cb5e6911ab96a01fc4b515f083 COPYING
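
Review bot: The new tarball hash is still attributed to "From http://www.rsyslog.com/downloads/download-v8-stable/", a plain-HTTP page, so for a security bump the value recorded here has no more authenticity than the download it is meant to verify. Consider citing the HTTPS form of that page if upstream serves it, or stating that the hash was also calculated locally, as is already done for COPYING.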


@ -4,7 +4,7 @@
#
################################################################################
RSYSLOG_VERSION = 8.2010.0
RSYSLOG_VERSION = 8.2204.1
RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog
RSYSLOG_LICENSE = GPL-3.0, LGPL-3.0, Apache-2.0
RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20
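
Review bot: The RSYSLOG_VERSION line is the only change in this file although the bump goes from 8.2010.0 straight to 8.2204.1, and the commit message covers only the CVE fix. The RSYSLOG_LICENSE_FILES context line lists COPYING, COPYING.LESSER and COPYING.ASL20, while the hash hunk shows a hash for COPYING only; please confirm the license files are unchanged in the new tarball and say in the commit message that the rest of the package definition was checked against the linked ChangeLog.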