Source: wireshark Version: 4.2.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for wireshark. CVE-2024-0207[0]: | HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service | via packet injection or crafted capture file CVE-2024-0208[1]: | GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 | to 3.6.19 allows denial of service via packet injection or crafted | capture file CVE-2024-0209[2]: | IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and | 3.6.0 to 3.6.19 allows denial of service via packet injection or | crafted capture file CVE-2024-0210[3]: | Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of | service via packet injection or crafted capture file CVE-2024-0211[4]: | DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service | via packet injection or crafted capture file If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-0207 https://www.cve.org/CVERecord?id=CVE-2024-0207 [1] https://security-tracker.debian.org/tracker/CVE-2024-0208 https://www.cve.org/CVERecord?id=CVE-2024-0208 [2] https://security-tracker.debian.org/tracker/CVE-2024-0209 https://www.cve.org/CVERecord?id=CVE-2024-0209 [3] https://security-tracker.debian.org/tracker/CVE-2024-0210 https://www.cve.org/CVERecord?id=CVE-2024-0210 [4] https://security-tracker.debian.org/tracker/CVE-2024-0211 https://www.cve.org/CVERecord?id=CVE-2024-0211 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
