Package: wireshark
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,

the following remotely exploitable vulnerability in Wireshark's SMTP dissector has been reported:

References:
http://packetstormsecurity.org/0811-advisories/wireshark104-dos.txt
http://bugs.gentoo.org/show_bug.cgi?id=248425
https://bugzilla.redhat.com/show_bug.cgi?id=472737
http://www.nabble.com/-SVRT-04-08--Vulnerability-in-WireShark-1.0.4-for-DoS-Attack-td20640164.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2008-11/msg00166.html

Proposed upstream patches:
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-smtp.c?r1=24989&r2=24988&pathrev=24989&view=patch
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-smtp.c?r1=24994&r2=24993&pathrev=24994&view=patch

A CVE id has been requested and I'll forward it to the bug report once it is available.

Packages for lenny and sid build fine with the patch, I haven't tested them though. Could you get back to me wrt fixes for lenny?

Cheers
Steffen