Rebase to lldpd-1.0.17

Fixes CVE-2020-27827 by including upstream commit a8d3c90feca5
("lldp: avoid memory leak from bad packets").
Fixes CVE-2021-43612 by including upstream commit 73d42680fce8
("sonmp: fix heap overflow when reading SONMP packets").
Fixes CVE-2023-41910 by including upstream commit a9aeabdf879c
("daemon: fix read overflow when parsing CDP addresses").

CVE: CVE-2020-27827
CVE: CVE-2021-43612
CVE: CVE-2023-41910

Resolves: RHEL-5791
Resolves: RHEL-5796
Resolves: RHEL-2211

Signed-off-by: Hangbin Liu <haliu@redhat.com>
Hangbin Liu 2023-11-06 16:01:13 +08:00
parent 48e0a9a3ad
commit 7e958ca617
3 changed files with 8 additions and 3 deletions

.gitignore

@ -2,3 +2,5 @@
/lldpd-0.9.8.tar.gz
/lldpd-1.0.1.tar.gz
/lldpd-1.0.4-free.tar.gz
/lldpd-1.0.17.tar.gz
/lldpd-1.0.17-free.tar.gz


@ -9,8 +9,8 @@
%global gh_owner vincentbernat
Name: lldpd
Version: 1.0.4
Release: 10%{?dist}
Version: 1.0.17
Release: 1%{?dist}
Summary: ISC-licensed implementation of LLDP
License: ISC
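
Review bot: the Version line jumps from 1.0.4 to 1.0.17, yet the whole commit is 8 additions and 3 deletions, so no other line of the spec is touched by the rebase. If the spec carries any patches written against 1.0.4, please confirm each one still applies and is not already part of 1.0.17, and drop the ones that are; the three CVE fixes in the commit message are described as coming from the upstream tarball alone, so a stale downstream patch should not be allowed to revert or shadow them.
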
@ -176,6 +176,9 @@ fi
%changelog
* Mon Nov 06 2023 Hangbin Liu <haliu@redhat.com> - 1.0.17-1
- Rebased to 1.0.17 [RHEL-2211, RHEL-5791, RHEL-5796]
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0.4-10
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
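
Review bot: the new %changelog entry names only the RHEL issue ids, while the commit message says this rebase fixes CVE-2020-27827, CVE-2021-43612 and CVE-2023-41910. The changelog ships inside the package and is what an administrator sees with rpm -q --changelog, so the CVE ids belong there too, for example "- Rebased to 1.0.17, fixes CVE-2020-27827, CVE-2021-43612, CVE-2023-41910 [RHEL-2211, RHEL-5791, RHEL-5796]".
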


@ -1 +1 @@
SHA512 (lldpd-1.0.4-free.tar.gz) = ae72f6e9dd6c3ea86c3eae8ff03ccc4a1271dce324504fb7ca42b718014062a27e94fb46d2fc8ff653c9c6731a052b5be4459f8d7bb19cb26f2bb044eda6da5c
SHA512 (lldpd-1.0.17-free.tar.gz) = 30497474d5707674ce402f0c1cedcdfef1f86c96ae75df4fd96454f560dc2dd816736f694c385ec15a7fab4ac6341285c86a7be1a8770e08917fd3432b4a6f39
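
Review bot: the replaced SHA512 line covers lldpd-1.0.17-free.tar.gz, while .gitignore in this same commit also lists an upstream-named lldpd-1.0.17.tar.gz, so the hashed file appears to be a repackaged tarball whose digest cannot be compared with anything upstream publishes. Please record in the commit message or the spec how the -free tarball is derived from the upstream one (the script used or the list of files removed), so a reviewer can regenerate it and check that it produces this digest.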