changelog: update 7.0.6 CVEs and titles

diff --git a/ChangeLog b/ChangeLog
index 6ae3683b7a37f71db4560f8db8c79f9b7955f41f..3a3642a10b34f25f05ee9bc3edc1855a6b88fa34 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,15 +1,15 @@
 7.0.6 -- 2024-06-26
 
-Security #7042: defrag: id reuse can lead to invalid reassembly (7.0.x backport)(CVE 2024-37151)
-Security #7105: http2: oom from duplicate headers (7.0.x backport)
-Security #7033: http/range: segv when http.memcap is reached (7.0.x backport)
-Security #6988: modbus: txs without responses are never freed (7.0.x backport)
+Security #7105: http2: oom from duplicate headers (7.0.x backport)(CRITICAL - CVE 2024-38535)
+Security #7042: defrag: id reuse can lead to invalid reassembly (7.0.x backport)(CRITICAL - CVE 2024-37151)
+Security #7033: http/range: segv when http.memcap is reached (7.0.x backport)(HIGH - CVE 2024-38536)
+Security #6988: modbus: txs without responses are never freed (7.0.x backport)(HIGH - CVE 2024-38534)
 Bug #7107: packet: app-layer-events incorrectly used on recycled packets (7.0.x backport)
 Bug #7064: util/radix-tree: Possible dereference of nullptr in case of unsuccess allocation of memory for node (7.0.x backport)
 Bug #7063: smtp/mime: data command rejected by pipelining server does not reset data mode (7.0.x backport)
 Bug #7060: smtp: split name logged as 2 names (7.0.x backport)
 Bug #7050: af-packet: failure to start up on many threads plus high load (7.0.x backport)
-Bug #7043: Crasher in HTTP chunked / StreamingBuffer (7.0.x backport)
+Bug #7043: streaming/buffer: crash in HTTP body handling (7.0.x backport)
 Bug #7038: pcap/log: MacOS rotates file well before limit is reached (7.0.x backport)
 Bug #7035: time: in offline mode, time can stay behind at pcap start (7.0.x backport)
 Bug #7023: unix-socket: iface-bypassed-stat crash (7.0.x backport)
@@ -21,16 +21,16 @@ Bug #6975: detect: log relevant frames app-layer metdata (7.0.x backport)
 Bug #6950: decode/ppp: decoder.event.ppp.wrong_type on valid packet (7.0.x backport)
 Bug #6897: detect/port: upper boundary ports are not correctly handled (7.0.x backport)
 Bug #6895: detect/port: port grouping does not happen correctly if gap between a single and range port (7.0.x backport)
-Bug #6862: Lightweight rules profiling: crash when profiling ends (7.0.x backport)
+Bug #6862: profiling/rules: crash when profiling ends (7.0.x backport)
 Bug #6848: alerts: wrongly using tx id 0 when there is no tx (7.0.x backport)
 Bug #6845: coverity: warning in port grouping code (7.0.x backport)
 Bug #6844: detect/port: port ranges are incorrect when a port is single as well as a part of range (7.0.x backport)
-Bug #6690: Ethernet src should match src ip (7.0.x backport)
+Bug #6690: eve: ethernet src_mac should match src_ip (7.0.x backport)
 Bug #6520: detect-engine/port: recursive DetectPortInsert calls are expensive (7.0.x backport)
 Optimization #6830: detect/port: port grouping is quite slow in worst cases (7.0.x backport)
 Optimization #6829: detect/port: PortGroupWhitelist fn takes a lot of processing time (7.0.x backport)
 Feature #7010: JA4 support for TLS and QUIC (7.0.x backport)
-Feature #6557: Capability to have rules profiling on pcap run (7.0.x backport)
+Feature #6557: profiling/rules: allow enabling profiling for pcap file runs (7.0.x backport)
 Documentation #6910: userguide: document how to verify tar.gz signature (7.0.x backport)
 Documentation #6687: docs: port userguide build instruction changes from master-6.0.x (7.0.x backport)
 Documentation #6601: docs: update eBPF installation instructions (7.0.x backport)