2007-11-22 13:27:58 |
Stephan Rügamer |
bug |
|
|
added bug |
2007-11-22 13:28:26 |
Stephan Rügamer |
description |
Binary package hint: wireshark
Wireshark upstream developers released 0.99.7.
This fixes some more vulnerabilities:
Release announcement from Upstream:
Wireshark 0.99.7 fixes the following vulnerabilities:
* Wireshark could crash when reading an MP3 file.
Versions affected: 0.99.6
* Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.
Versions affected: 0.10.12 to 0.99.6
* Stefan Esser discovered a buffer overflow in the SSL dissector.
Versions affected: 0.99.0 to 0.99.6
* The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms. (Bug 1844)
Versions affected: 0.99.5 to 0.99.6
* The Firebird/Interbase dissector could go into an infinite loop or crash. (Bugs 1931 and 1932)
Versions affected: 0.99.6
* The NCP dissector could cause a crash.
Versions affected: 0.99.6
* The HTTP dissector could crash on some systems while decoding chunked messages.
Versions affected: 0.10.14 to 0.99.6
* The MEGACO dissector could enter a large loop and consume system resources.
Versions affected: 0.9.14 to 0.99.6
* The DCP ETSI dissector could enter a large loop and consume system resources.
Versions affected: 0.99.6
* Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser. (Bug 1926)
Versions affected: 0.99.0 to 0.99.6
* The PPP dissector could overflow a buffer.
Versions affected: 0.99.6
* The Bluetooth SDP dissector could go into an infinite loop.
Versions affected: 0.99.2 to 0.99.6
* A malformed RPC Portmap packet could cause a crash. (Bug 1998)
Versions affected: 0.8.16 to 0.99.6
A sync for hardy should be done when Debian releases a new package.
Other versions, from gutsy to dapper, need to be security patched according to upstream changes. |
Binary package hint: wireshark
Wireshark upstream developers released 0.99.7.
This fixes some more vulnerabilities:
Release announcement from Upstream:
Wireshark 0.99.7 fixes the following vulnerabilities:
* Wireshark could crash when reading an MP3 file.
Versions affected: 0.99.6
* Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet.
Versions affected: 0.10.12 to 0.99.6
* Stefan Esser discovered a buffer overflow in the SSL dissector.
Versions affected: 0.99.0 to 0.99.6
* The ANSI MAP dissector could be susceptible to a buffer overflow on some platforms. (Bug 1844)
Versions affected: 0.99.5 to 0.99.6
* The Firebird/Interbase dissector could go into an infinite loop or crash. (Bugs 1931 and 1932)
Versions affected: 0.99.6
* The NCP dissector could cause a crash.
Versions affected: 0.99.6
* The HTTP dissector could crash on some systems while decoding chunked messages.
Versions affected: 0.10.14 to 0.99.6
* The MEGACO dissector could enter a large loop and consume system resources.
Versions affected: 0.9.14 to 0.99.6
* The DCP ETSI dissector could enter a large loop and consume system resources.
Versions affected: 0.99.6
* Fabiodds discovered a buffer overflow in the iSeries (OS/400) Communication trace file parser. (Bug 1926)
Versions affected: 0.99.0 to 0.99.6
* The PPP dissector could overflow a buffer.
Versions affected: 0.99.6
* The Bluetooth SDP dissector could go into an infinite loop.
Versions affected: 0.99.2 to 0.99.6
* A malformed RPC Portmap packet could cause a crash. (Bug 1998)
Versions affected: 0.8.16 to 0.99.6
A sync for hardy should be done when Debian releases a new package.
Other versions, from gutsy to dapper, need to be security patched according to upstream changes.
CVE IDs are pending.
Debian Bug is attached to this report. |
|
2007-11-22 13:28:42 |
Stephan Rügamer |
bug |
|
|
assigned to wireshark (Debian) |
2007-11-22 13:29:31 |
Stephan Rügamer |
wireshark: status |
New |
In Progress |
|
2007-11-22 13:29:31 |
Stephan Rügamer |
wireshark: assignee |
|
shermann |
|
2007-11-27 09:23:11 |
Stephan Rügamer |
bug |
|
|
added subscriber MOTU SWAT |
2007-11-27 09:48:42 |
William Grant |
wireshark: status |
In Progress |
Fix Released |
|
2007-11-27 09:48:42 |
William Grant |
wireshark: assignee |
shermann |
|
|
2007-11-27 09:48:57 |
William Grant |
wireshark: status |
New |
In Progress |
|
2007-11-27 09:48:57 |
William Grant |
wireshark: assignee |
|
shermann |
|
2007-11-27 09:49:15 |
William Grant |
wireshark: status |
New |
In Progress |
|
2007-11-27 09:49:15 |
William Grant |
wireshark: assignee |
|
shermann |
|
2007-11-27 09:49:49 |
William Grant |
wireshark: status |
New |
In Progress |
|
2007-11-27 09:49:49 |
William Grant |
wireshark: assignee |
|
shermann |
|
2007-12-03 13:23:12 |
Stephan Rügamer |
bug |
|
|
added attachment 'edgy_wireshark_0.99.3a-1ubuntu1.2.debdiff' (edgy debdiff to fix those issues) |
2007-12-03 13:44:55 |
Stephan Rügamer |
bug |
|
|
added attachment 'feisty_wireshark_0.99.4-6ubuntu0.2.debdiff' (feisty debdiff to fix those issues) |
2007-12-03 20:19:02 |
Kees Cook |
wireshark: status |
In Progress |
Fix Committed |
|
2007-12-03 20:19:15 |
Kees Cook |
wireshark: status |
In Progress |
Fix Committed |
|
2007-12-04 07:41:40 |
Bug Watch Updater |
wireshark: status |
Unknown |
New |
|
2007-12-05 08:58:47 |
Stephan Rügamer |
bug |
|
|
added attachment 'gutsy_wireshark_0.99.6rel-3ubuntu0.1.debdiff' (gutsy debdiff to fix all issues) |
2008-01-28 23:21:15 |
Kees Cook |
wireshark: status |
In Progress |
Fix Committed |
|
2008-01-29 19:26:14 |
Kees Cook |
wireshark: status |
Fix Committed |
Fix Released |
|
2008-01-29 19:28:11 |
Kees Cook |
wireshark: status |
Fix Committed |
Fix Released |
|
2008-01-29 19:28:21 |
Kees Cook |
wireshark: status |
Fix Committed |
Fix Released |
|
2008-04-28 22:45:21 |
Bug Watch Updater |
wireshark: status |
New |
Fix Released |
|
2009-07-26 17:23:07 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/gutsy/wireshark/gutsy-security |
|