Your message dated Mon, 07 Jun 2021 16:48:54 +0000
with message-id <[email protected]>
and subject line Bug#987853: fixed in wireshark 3.4.6-1~exp1
has caused the Debian Bug report #987853,
regarding wireshark: CVE-2021-22207
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987853
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wireshark
Version: 3.4.4-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/17331
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wireshark.
CVE-2021-22207[0]:
| Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to
| 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet
| injection or crafted capture file
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-22207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22207
[1] https://gitlab.com/wireshark/wireshark/-/issues/17331
[2] https://www.wireshark.org/security/wnpa-sec-2021-04.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 3.4.6-1~exp1
Done: Balint Reczey <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 07 Jun 2021 14:03:56 +0200
Source: wireshark
Architecture: source
Version: 3.4.6-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Balint Reczey <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Closes: 987853
Launchpad-Bugs-Fixed: 1887933
Changes:
wireshark (3.4.6-1~exp1) experimental; urgency=medium
.
* New upstream version 3.4.5
- security fixes (Closes: #987853):
- MS-WSP dissector excessive memory consumption (CVE-2021-22207)
* debian/gbp.conf: Drop git-dch configuration.
With the move from Gerrit to GitLab there is no easy way of distinguishing
upstream commits.
* New upstream version 3.4.6
- security fixes:
- MS-WSP dissector excessive memory consumption. (CVE-2021-22207)
* Cherrypick upstream commit for SMCD(v2) support (LP: #1887933)
Checksums-Sha1:
9e0f82522846857fd022164daf902115dcce6ed6 3529 wireshark_3.4.6-1~exp1.dsc
cfaa8be27f51c1986e4a6d0e2b07eb89926f135f 32267648 wireshark_3.4.6.orig.tar.xz
e87533da91f3c509b40387e8be1e76c2798de329 83136
wireshark_3.4.6-1~exp1.debian.tar.xz
7fedc32515a41eb3a58d93d1d6598d0f8c111741 19640
wireshark_3.4.6-1~exp1_source.buildinfo
Checksums-Sha256:
6495156e54158258dc910489243ba838ca59e89222280de9cfd894b62738b3b1 3529
wireshark_3.4.6-1~exp1.dsc
f300b310f3d7765220d9e2af318c02cad2740892d9d9f032615c56a78bdbed2e 32267648
wireshark_3.4.6.orig.tar.xz
9d2099bb712bdc207774544e63e4a82eab76523422ac42bf540766641b24f013 83136
wireshark_3.4.6-1~exp1.debian.tar.xz
499b6a635afec6ddef586f34c3d93885bec2036911a0582408848b2fabc0e037 19640
wireshark_3.4.6-1~exp1_source.buildinfo
Files:
44df1e5e29f3158d2c0f1d4ed4fdf097 3529 net optional wireshark_3.4.6-1~exp1.dsc
944df73e20c3f77a3f2677362df29884 32267648 net optional
wireshark_3.4.6.orig.tar.xz
7c400120e85f4ceb29927180bb0af802 83136 net optional
wireshark_3.4.6-1~exp1.debian.tar.xz
438bf2ecc6e0eb3ad964fd82f93d57b3 19640 net optional
wireshark_3.4.6-1~exp1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEI/PvTgXX55rLQUfDg6KBkWslS0UFAmC+RN4ACgkQg6KBkWsl
S0XArxAAkNjm7U/Fxcu6Y9WRm5e8v5jBB/oBI/Sz9uKneQNY3c6yddbz2ydzufOV
LglBBCH0DJHEftKuFoPev6w0Cx4ZNLTTjRJwh/4Rf1OBLuiaNF7QjfvZ9juKxppS
Yw4rCQqSiDdQZ86gYnO11DXMTJ2szmiNFWk96ejI7SwSWLTX1q/VMI6HbXYI0SYZ
Hh7V1zGt1wDvQ2cZtm70GvR4bOqL+uhLJ5rAViWxCUpX5xWmeQ4SpqTjmDQJBNgQ
cv3Qr6OLSfR+ZzelGI09N6hVqypvBXW8NuMqzq/AFyLiGiAJy625o3WtWzkjTjLs
7TXPUfyu/29logofKzpbI5TnT5vQYzJuwe8YxPFseuRIJHsgmgDZrtwcNM7rTS1v
3fzHhTGsPFgxvLXVPatgYHgHrlfdkq88pl1vPe2kBbGH+u9MUKpMn/7uRxfAzvGT
TI738q01s9dCbOXqoOptRXOq9IB/IoseizwhKjYx9Shr1ngV6Peozfgsv3lJcUnd
2Tzz15FX4ownX7//MdBnr9drhK2UF9+JY927aCVTCZ1fgwbxUkFI5U321V9H2r2X
JUcSrMBSqJUgPLL5xW6cvi0ydbfX0mFEb9q8nisAE7Vk/5kpHLbrqNAUIAS+/KXZ
qBtRHGCbUocXdjEeKQZuM8yQoOfMFFF64kNrE6aTQ5OPZGb2i24=
=SO3Z
-----END PGP SIGNATURE-----
--- End Message ---
