Advisory: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243 "Modules for TCP syslog reception have a heap buffer overflow when octet-counted framing is used. The attacker can corrupt heap values, leading to data integrity issues and availability impact. Remote code execution is unlikely to happen but not impossible."
Please bump to 8.2204.1.
(In reply to Sam James from comment #1)
> Please bump to 8.2204.1.

Ping.

(In reply to Sam James from comment #2)
> (In reply to Sam James from comment #1)
> > Please bump to 8.2204.1.
>
> Ping.

Oh, I guess we could stable 8.2206.0, but that's a big jump.

(In reply to Sam James from comment #3)
> (In reply to Sam James from comment #2)
> > (In reply to Sam James from comment #1)
> > > Please bump to 8.2204.1.
> >
> > Ping.
>
> Oh, I guess we could stable 8.2206.0, but that's a big jump.

Yup, it was just added.

(In reply to Maciej Barć from comment #4)
> (In reply to Sam James from comment #3)
> > (In reply to Sam James from comment #2)
> > > (In reply to Sam James from comment #1)
> > > > Please bump to 8.2204.1.
> > >
> > > Ping.
> >
> > Oh, I guess we could stable 8.2206.0, but that's a big jump.
>
> Yup, it was just added.

Sorry, what I mean is: do you really want to stable that version? You can if you want, but I'd suggest adding 8.2204.1 and doing that instead. But I don't know much about upstream. If not much changed, then go wild. Just better to do more conservative versions for fast/security stabilisation.