Your message dated Sat, 06 Jan 2024 03:09:24 +0000 with message-id <e1rlx3s-006ijy...@fasolo.debian.org> and subject line Bug#1059925: fixed in wireshark 4.2.2-1 has caused the Debian Bug report #1059925, regarding wireshark: CVE-2024-0207 CVE-2024-0208 CVE-2024-0209 CVE-2024-0210 CVE-2024-0211 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1059925: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059925 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: wireshark Version: 4.2.0-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerabilities were published for wireshark. CVE-2024-0207[0]: | HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service | via packet injection or crafted capture file CVE-2024-0208[1]: | GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 | to 3.6.19 allows denial of service via packet injection or crafted | capture file CVE-2024-0209[2]: | IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and | 3.6.0 to 3.6.19 allows denial of service via packet injection or | crafted capture file CVE-2024-0210[3]: | Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of | service via packet injection or crafted capture file CVE-2024-0211[4]: | DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service | via packet injection or crafted capture file If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-0207 https://www.cve.org/CVERecord?id=CVE-2024-0207 [1] https://security-tracker.debian.org/tracker/CVE-2024-0208 https://www.cve.org/CVERecord?id=CVE-2024-0208 [2] https://security-tracker.debian.org/tracker/CVE-2024-0209 https://www.cve.org/CVERecord?id=CVE-2024-0209 [3] https://security-tracker.debian.org/tracker/CVE-2024-0210 https://www.cve.org/CVERecord?id=CVE-2024-0210 [4] https://security-tracker.debian.org/tracker/CVE-2024-0211 https://www.cve.org/CVERecord?id=CVE-2024-0211 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: wireshark Source-Version: 4.2.2-1 Done: Balint Reczey <bal...@balintreczey.hu> We believe that the bug you reported is fixed in the latest version of wireshark, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1059...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Balint Reczey <bal...@balintreczey.hu> (supplier of updated wireshark package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 05 Jan 2024 23:25:07 +0100 Source: wireshark Built-For-Profiles: noudeb Architecture: source Version: 4.2.2-1 Distribution: unstable Urgency: medium Maintainer: Balint Reczey <bal...@balintreczey.hu> Changed-By: Balint Reczey <bal...@balintreczey.hu> Closes: 1056642 1056985 1059925 Changes: wireshark (4.2.2-1) unstable; urgency=medium . * New upstream version 4.2.1: - security fixes (Closes: #1059925): - GVCP dissector crash (CVE-2024-0208) - IEEE 1609.2 dissector crash (CVE-2024-0209) - HTTP3 dissector crash (CVE-2024-0207) - Zigbee TLV dissector crash (CVE-2024-0210) - DOCSIS dissector crash (CVE-2024-0211) * debian/control: Replace all Qt5 dependencies with Qt6 equivalents (Closes: #1056642) * debian/control: Use versioned Conflicts+Replaces to migrate wireshark-qt files to wireshark (Closes: #1056985) * Suggest installing the missing packages on ipmap.html when the JavaScript files are missing. Thanks to Uli Heilmeier for the improved patch. * debian/control: Skip pytest build dependencies in the nocheck profile * debian/copyright: Don't exclude debian/ Upstream moved the dir to packaging/debian thus there can't be any file collision between upsteam's and Debian's packaing * New upstream version 4.2.2 Checksums-Sha1: 46142886abec727af1c733d14db3bcae562a1156 3419 wireshark_4.2.2-1.dsc 277a2abb835649a85d1b7942d381b0ce2aacb910 58028107 wireshark_4.2.2.orig.tar.gz b93b274abd8948830a78194f9f1dac4a9835e42b 81420 wireshark_4.2.2-1.debian.tar.xz d08afcd41801deed7f96dd55b8914fcdabd2013a 20615 wireshark_4.2.2-1_source.buildinfo Checksums-Sha256: d310f4e43c9dff147d765eb82afe491c1a887704bc5b204802c9f5760126d9b4 3419 wireshark_4.2.2-1.dsc 1139bead1a0237680bc449e139083d819dee0037eff05cdb92fc2deba5859810 58028107 wireshark_4.2.2.orig.tar.gz ebb4c6837e02831e0fea957a6b046845ee28bdda5db7e293f10b29cde396fb3b 81420 wireshark_4.2.2-1.debian.tar.xz 818b0932e6d3d1fd0770fc1c0181c1bf8db5bc623b1c70db0875165fbd5b6cab 20615 wireshark_4.2.2-1_source.buildinfo Files: fd0df081d79fcb00856439c8c452b9d2 3419 net optional wireshark_4.2.2-1.dsc 059d358dd00cec4517b3698cf5e89f3d 58028107 net optional wireshark_4.2.2.orig.tar.gz 98cfb0df7dbb84ea6f39c255db25fe58 81420 net optional wireshark_4.2.2-1.debian.tar.xz f2fa9db5a5ed6c14a84630fb58ab18f1 20615 net optional wireshark_4.2.2-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEI/PvTgXX55rLQUfDg6KBkWslS0UFAmWYgkYACgkQg6KBkWsl S0WgwQ//Yhus2wwtjjVsDSNbPFRkJwZEvEvMMpos0TM04qjnKyRiL4Xpr24zK9vE ZrwTuBHt8vhxEfDEPrsYNu1NmkCWQS3wvUEv0yylz0k7bNynNmQhzX2rAmFxYq16 lWrYsDyQl5ms+Ky6Z5krNCSBd1lolqmXzynxxGxFvoMDqy4jFqEeLxzCOiRegh67 57kYkoT3gDpZSdznYl9RiGq3Z0l+hACborKJWRrFSa1XlTAHo+SqYgb9UNAXWkl4 tZSMHGQpoEOfL42JbszH6f/yz1HWHd+K1GYKxOxq8l4anaOs2rhIiFPsqKjojP/z ZE9yQ38TR4cRBK7c6ztrF1jdoCBUFFG7Ixd4u+VNDi5w5ZYtyk5xskJtRkgmbNaN ZMDR0tCK55b1qGr+REcllonSEDUugnfDqppUmyVWdLzts5zp72W01PpWo9RQY03i nNMnERjHN8Mvsg4N+73JbUcJGhIXw4WEV30yCUkSysLekIcoUffC4UXltmF/+thx /aKu0QOVOxOnReAiOwgl4WYTeIFUcx+LiEEOoOw/49uHIVlxoqLmSPVJejXh7N2T ERVcCASiVRjX8+AheAAj3PqldYt9409xaSBGVn9esJEdKFtRoP6RMoiNom/OY9ZT /zKn7PHZcZI9sVDUqDjGVkl2JcdMgBPJtEyyhnueOWlsWf4s87s= =hCKg -----END PGP SIGNATURE-----
--- End Message ---
