Your message dated Mon, 24 Apr 2023 10:50:08 +0000
with message-id <[email protected]>
and subject line Bug#1033756: fixed in wireshark 4.0.5-1~exp1
has caused the Debian Bug report #1033756,
regarding wireshark: CVE-2023-1161
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1033756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033756
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wireshark
Version: 4.0.3-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/18839
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wireshark.
CVE-2023-1161[0]:
| ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3
| and 3.6.0 to 3.6.11 allows denial of service via packet injection or
| crafted capture file
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-1161
https://www.cve.org/CVERecord?id=CVE-2023-1161
[1] https://www.wireshark.org/security/wnpa-sec-2023-08.html
[2] https://gitlab.com/wireshark/wireshark/-/issues/18839
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 4.0.5-1~exp1
Done: Balint Reczey <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 22 Apr 2023 20:29:22 +0200
Source: wireshark
Built-For-Profiles: noudeb
Architecture: source
Version: 4.0.5-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Balint Reczey <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Closes: 1033756 1033792 1034721
Changes:
wireshark (4.0.5-1~exp1) experimental; urgency=medium
.
[ Balint Reczey ]
* New upstream version 4.0.4
- security fixes:
- ISO 15765 and ISO 10681 dissector crash (CVE-2023-1161)
(Closes: #1033756)
* Drop 0001-tests-Get-tests-working-with-Python-3.11-except-with.patch
integrated to the new upstream release.
* New upstream version 4.0.5
- security fixes (Closes: #1034721):
- RPCoRDMA dissector crash (CVE-2023-1992)
- LISP dissector large loop (CVE-2023-1993)
- GQUIC dissector crash (CVE-2023-1994)
.
[ Remus-Gabriel Chelu ]
* Adding Romanian debconf templates translation (Closes: #1033792)
Checksums-Sha1:
5301d72c3b2606eab723cbe2f553b2553654a849 3418 wireshark_4.0.5-1~exp1.dsc
2c69c61c4a364bd50d06b2dda5f1227c846b9359 53993370 wireshark_4.0.5.orig.tar.gz
94a93c5fe5d82eb7d785f9d585816ef6b9bf4131 78104
wireshark_4.0.5-1~exp1.debian.tar.xz
269857d9369511ff925bfe3b6e04b80a2143b8c8 18857
wireshark_4.0.5-1~exp1_source.buildinfo
Checksums-Sha256:
d0c3f68374ab0c98df1c96bf6e97e553bd549bcc762f4e26ddacb812fcaeb42d 3418
wireshark_4.0.5-1~exp1.dsc
b27f43cb6c0d9a367cc80ca27ca3f692e68bac2264f330989f750c5c4daf95a7 53993370
wireshark_4.0.5.orig.tar.gz
ce758a4b389b7266c336c41315015b5e761c3afe10d63f796bfb4cf641e892e9 78104
wireshark_4.0.5-1~exp1.debian.tar.xz
6799f7bb508ae5d57b1ffb7808b3b4ef0d15024e4ad46701432f5ec9c28d9bad 18857
wireshark_4.0.5-1~exp1_source.buildinfo
Files:
ec044a2669bb1655c6420f6dae1830ca 3418 net optional wireshark_4.0.5-1~exp1.dsc
365da5901c3137439da9262b674800bc 53993370 net optional
wireshark_4.0.5.orig.tar.gz
22c9f96a24d55e287889c96900f18832 78104 net optional
wireshark_4.0.5-1~exp1.debian.tar.xz
d42ce441a3b9671744ea97d01778635e 18857 net optional
wireshark_4.0.5-1~exp1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEI/PvTgXX55rLQUfDg6KBkWslS0UFAmRGWNEACgkQg6KBkWsl
S0VzBRAAhZeNjsPxVG/IkZbAZShMXA484RgjKdoidkIPuh0aurd3ZXh2U6Db0fO4
hOppLdT6OrnJWLD+ldRto9bmPa4+U0448sl0DymSlkfBuDOCac/OUAFMl0DubUfe
aUxH/rcZZbQ5w152IC4t/ptAJ4svZO+2kIFk/nQa9PD1gvOGyusWgtyNX60s5ICz
9fNOrgFP0qBKUIrnuNJXS9EbkEi0W4yJP77wzKUtKGTQJfpGwShsgxUtjgCyPsWR
Q01aW8wT/VbA36/SPH+aRQGkTL1kI4eMJjxeK49/twMuG0Lj3K0LFSoIBjEVxY22
KsHmTIDG9Udx1UxTSleImtlzWrILW7MM32stXc+L57j5iBpnMjbnHeJjVA9ltNfJ
jK8HQLXYAuNoHqR4x2v2cx8ZxIc4V9JaVjenxxwZ/Ww7MOMtAM/LxXZ41/OVbVML
UNBT6tlhGWUUSdeKpZkNH4ovPRdcvzChjZtMbHJ4sytNBc5+WptP93XqCTWRNY00
OdHUsesyyXy+Phn4Yoyg+ia2b0fqCQq7sBFhFHqvVwMIaCeCNeIB57INMYB2lcKe
HToRz+fjVP/lk57PH1fiRCl/pjlYqGgJRe3BabXCIIrvcCny7I2Ue9JuBMiS5DsG
lqt0gMWDgZDP1i88mq8A+4YIbshvjFwfEMXA2BGEnX3FMHDsRdo=
=2YqR
-----END PGP SIGNATURE-----
--- End Message ---
