Your message dated Mon, 16 Aug 2021 09:09:58 +0000
with message-id <[email protected]>
and subject line Bug#987853: fixed in wireshark 3.4.7-1
has caused the Debian Bug report #987853,
regarding wireshark: CVE-2021-22207
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987853: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987853
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wireshark
Version: 3.4.4-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/17331
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wireshark.
CVE-2021-22207[0]:
| Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to
| 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet
| injection or crafted capture file
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-22207
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22207
[1] https://gitlab.com/wireshark/wireshark/-/issues/17331
[2] https://www.wireshark.org/security/wnpa-sec-2021-04.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 3.4.7-1
Done: Balint Reczey <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Mon, 16 Aug 2021 08:01:12 +0200
Source: wireshark
Built-For-Profiles: noudeb
Architecture: source
Version: 3.4.7-1
Distribution: unstable
Urgency: medium
Maintainer: Balint Reczey <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Closes: 987853
Launchpad-Bugs-Fixed: 1887933
Changes:
 wireshark (3.4.7-1) unstable; urgency=medium
 .
   * Upload to unstable
 .
 wireshark (3.4.7-1~exp1) experimental; urgency=medium
 .
   * New upstream version
     - security fixes:
       - DNP dissector crash (CVE-2021-22235)
   * Update symbols.
 .
 wireshark (3.4.6-1~exp1) experimental; urgency=medium
 .
   * New upstream version 3.4.5
     - security fixes (Closes: #987853):
       - MS-WSP dissector excessive memory consumption (CVE-2021-22207)
   * debian/gbp.conf: Drop git-dch configuration.
     With the move from Gerrit to GitLab there is no easy way of distinguishing
     upstream commits.
   * New upstream version 3.4.6
     - security fixes:
       - MS-WSP dissector excessive memory consumption. (CVE-2021-22207)
   * Cherrypick upstream commit for SMCD(v2) support (LP: #1887933)
--- End Message ---