syslog-ng: fix CVE-2024-47619 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2025-05-16 12:40:06 +0530
committer	Armin Kuster <akuster808@gmail.com>	2025-05-21 09:17:17 -0400
commit	923a8b73b8b97c7b413b6747e2c7938d84fbb23d (patch)
tree	96c7327a3d55be7e0b2df82d5b3a067ae05dd245 /meta-python/recipes-devtools/python/python3-h5py/0001-setup_build.py-avoid-absolute-path.patch
parent	1947ae04c0d7bd2e23572e88c6515e7843ca8474 (diff)
download	meta-openembedded-923a8b73b8b97c7b413b6747e2c7938d84fbb23d.tar.gz

syslog-ng: fix CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-47619 Upstream patch: https://github.com/syslog-ng/syslog-ng/commit/12a0624e4c275f14cee9a6b4f36e714d2ced8544 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-h5py/0001-setup_build.py-avoid-absolute-path.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: