Your message dated Wed, 14 Jun 2023 11:13:51 +0000
with message-id <[email protected]>
and subject line Bug#1033756: fixed in wireshark 4.0.6-1
has caused the Debian Bug report #1033756,
regarding wireshark: CVE-2023-1161
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1033756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033756
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wireshark
Version: 4.0.3-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/18839
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wireshark.
CVE-2023-1161[0]:
| ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3
| and 3.6.0 to 3.6.11 allows denial of service via packet injection or
| crafted capture file
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-1161
https://www.cve.org/CVERecord?id=CVE-2023-1161
[1] https://www.wireshark.org/security/wnpa-sec-2023-08.html
[2] https://gitlab.com/wireshark/wireshark/-/issues/18839
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 4.0.6-1
Done: Balint Reczey <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Jun 2023 12:39:46 +0200
Source: wireshark
Built-For-Profiles: noudeb
Architecture: source
Version: 4.0.6-1
Distribution: unstable
Urgency: medium
Maintainer: Balint Reczey <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Closes: 1033756 1033792 1034721
Changes:
 wireshark (4.0.6-1) unstable; urgency=medium
 .
   * Upload to unstable
 .
 wireshark (4.0.6-1~exp1) experimental; urgency=medium
 .
   * New upstream version 4.0.6
     - security fixes:
       - Candump log file parser crash (CVE-2023-2855)
       - BLF file parser crash (CVE-2023-2857)
       - GDSDB dissector infinite loop
       - NetScaler file parser crash (CVE-2023-2858)
       - VMS TCPIPtrace file parser crash (CVE-2023-2856)
       - BLF file parser crash (CVE-2023-2854)
       - RTPS dissector crash (CVE-2023-0666)
       - IEEE C37.118 Synchrophasor dissector crash (CVE-2023-0668)
       - XRA dissector infinite loop
   * Fix mismatched Lintian overrides
 .
 wireshark (4.0.5-1~exp1) experimental; urgency=medium
 .
   [ Balint Reczey ]
   * New upstream version 4.0.4
     - security fixes:
       - ISO 15765 and ISO 10681 dissector crash (CVE-2023-1161)
         (Closes: #1033756)
   * Drop 0001-tests-Get-tests-working-with-Python-3.11-except-with.patch
     integrated to the new upstream release.
   * New upstream version 4.0.5
     - security fixes (Closes: #1034721):
       - RPCoRDMA dissector crash (CVE-2023-1992)
       - LISP dissector large loop (CVE-2023-1993)
       - GQUIC dissector crash (CVE-2023-1994)
 .
   [ Remus-Gabriel Chelu ]
   * Adding Romanian debconf templates translation (Closes: #1033792)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---