Control: fixed -1 2.4.6-1 On Sun, Jul 30, 2017 at 8:51 PM Salvatore Bonaccorso <car...@debian.org> wrote: > > Source: wireshark > Version: 2.2.7-1 > Severity: important > Tags: upstream security > Forwarded: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777 > > Hi, > > the following vulnerability was published for wireshark. > > CVE-2017-9616[0]: > | In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion > | (uncontrolled recursion) in the dissect_mp4_box function in > | epan/dissectors/file-mp4.c. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2017-9616 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9616 > [1] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777 > > Please adjust the affected versions in the BTS as needed. > > Regards, > Salvatore
Thanks, this is now fixed. Cheers, Balint -- Balint Reczey Ubuntu & Debian Developer
