Your message dated Fri, 16 Jun 2023 16:33:40 +0000
with message-id <[email protected]>
and subject line Bug#1033756: fixed in wireshark 4.0.6-1~deb12u1
has caused the Debian Bug report #1033756,
regarding wireshark: CVE-2023-1161
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1033756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033756
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wireshark
Version: 4.0.3-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/18839
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wireshark.
CVE-2023-1161[0]:
| ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3
| and 3.6.0 to 3.6.11 allows denial of service via packet injection or
| crafted capture file
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-1161
https://www.cve.org/CVERecord?id=CVE-2023-1161
[1] https://www.wireshark.org/security/wnpa-sec-2023-08.html
[2] https://gitlab.com/wireshark/wireshark/-/issues/18839
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 4.0.6-1~deb12u1
Done: Balint Reczey <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <[email protected]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Jun 2023 16:15:29 +0200
Source: wireshark
Built-For-Profiles: noudeb
Architecture: source
Version: 4.0.6-1~deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Balint Reczey <[email protected]>
Changed-By: Balint Reczey <[email protected]>
Closes: 1033756 1033792 1034721
Changes:
 wireshark (4.0.6-1~deb12u1) bookworm-security; urgency=medium
 .
   * Upload to bookworm-security
 .
 wireshark (4.0.6-1) unstable; urgency=medium
 .
   * Upload to unstable
 .
 wireshark (4.0.6-1~exp1) experimental; urgency=medium
 .
   * New upstream version 4.0.6
     - security fixes:
       - Candump log file parser crash (CVE-2023-2855)
       - BLF file parser crash (CVE-2023-2857)
       - GDSDB dissector infinite loop
       - NetScaler file parser crash (CVE-2023-2858)
       - VMS TCPIPtrace file parser crash (CVE-2023-2856)
       - BLF file parser crash (CVE-2023-2854)
       - RTPS dissector crash (CVE-2023-0666)
       - IEEE C37.118 Synchrophasor dissector crash (CVE-2023-0668)
       - XRA dissector infinite loop
   * Fix mismatched Lintian overrides
 .
 wireshark (4.0.5-1~exp1) experimental; urgency=medium
 .
   [ Balint Reczey ]
   * New upstream version 4.0.4
     - security fixes:
       - ISO 15765 and ISO 10681 dissector crash (CVE-2023-1161)
         (Closes: #1033756)
   * Drop 0001-tests-Get-tests-working-with-Python-3.11-except-with.patch
     integrated to the new upstream release.
   * New upstream version 4.0.5
     - security fixes (Closes: #1034721):
       - RPCoRDMA dissector crash (CVE-2023-1992)
       - LISP dissector large loop (CVE-2023-1993)
       - GQUIC dissector crash (CVE-2023-1994)
 .
   [ Remus-Gabriel Chelu ]
   * Adding Romanian debconf templates translation (Closes: #1033792)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---