CVE-2017-7177 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7177): Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.

CVE-2017-15377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15377): In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).
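The fragment-matching check named in the CVE-2017-7177 description, as an added example that is not part of the original bug report and is not Suricata's code: a simplified tracker table in which `check_proto` (a hypothetical switch) decides whether the IP protocol is part of the match, as the RFC 791 reassembly key requires. All type and function names and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model for illustration; these are not Suricata's structures. */
struct frag_key {
    uint32_t src, dst;  /* IPv4 source and destination address */
    uint16_t id;        /* IP Identification field */
    uint8_t  proto;     /* IP Protocol field (6 = TCP, 17 = UDP) */
};
#define MAX_TRACKERS 8
struct tracker { struct frag_key key; int used; int frags; };
struct defrag_table { struct tracker t[MAX_TRACKERS]; };

/* RFC 791 reassembly key: src, dst, protocol, id. check_proto = 0 drops protocol. */
static int key_match(const struct frag_key *a, const struct frag_key *b, int check_proto)
{
    if (a->src != b->src || a->dst != b->dst || a->id != b->id)
        return 0;
    return check_proto ? a->proto == b->proto : 1;
}

/* File a fragment under its matching tracker (or a new one); -1 if the table is full. */
int defrag_insert(struct defrag_table *tbl, const struct frag_key *k, int check_proto)
{
    int free_slot = -1;
    for (int i = 0; i < MAX_TRACKERS; i++) {
        if (!tbl->t[i].used) {
            if (free_slot < 0)
                free_slot = i;
        } else if (key_match(&tbl->t[i].key, k, check_proto)) {
            tbl->t[i].frags++;
            return i;
        }
    }
    if (free_slot >= 0)
        tbl->t[free_slot] = (struct tracker){ .key = *k, .used = 1, .frags = 1 };
    return free_slot;
}

int main(void)
{
    struct defrag_table tbl = {0};
    /* Constructed fragments: same addresses and IP ID, different protocol. */
    struct frag_key tcp = { 0x0a000001, 0x0a000002, 0x1234, 6 }, udp = tcp;
    udp.proto = 17;
    int a = defrag_insert(&tbl, &tcp, 1), b = defrag_insert(&tbl, &udp, 1);
    printf("TCP fragment -> tracker %d, UDP fragment -> tracker %d\n", a, b);
    return 0;
}
```

With `check_proto` set to 0 both fragments land in the same tracker, so an inspection engine would reassemble data that the receiving host keeps apart.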
@Maintainer after the bump please let us know when tree is clean. Thank you
Why has there been no progress on the issue? There have been a few suricata versions available since then. I am successfully running suricata-3.2.5 with a simple bump of an ebuild and configuration files, yet the package in Gentoo has not been updated since 3.2-r1 released in July...
Sorry for the delay. I've pushed the latest available version - 4.0.3
@maintainer, please clean up the vulnerable versions.
old versions cleared
(In reply to Sławek Lis from comment #5)
> old versions cleared

Thank you, Slawek!