Hi Frederic,

* Frederic Peters <[EMAIL PROTECTED]> [2007-11-22 18:06]:
> I'll package 0.99.7pre1, I'll then investigate the problems also
> present in Etch/Sarge packages.
[...]

Thanks, I saw the upload and marked those as fixed in this version in the security tracker. Please close the bug in the changelog next time to make tracking this bug easier.
The following CVE ids were assigned to these bugs:

======================================================
Name: CVE-2007-6111
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6111
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector.

======================================================
Name: CVE-2007-6112
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6112
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

======================================================
Name: CVE-2007-6113
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6113
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet.

======================================================
Name: CVE-2007-6114
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6114
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 through 0.99.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) the SSL dissector or (2) the iSeries (OS/400) Communication trace file parser.

======================================================
Name: CVE-2007-6115
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6115
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

Buffer overflow in the ANSI MAP dissector for Wireshark (formerly Ethereal) 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.

======================================================
Name: CVE-2007-6116
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6116
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

The Firebird/Interbase dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors.

======================================================
Name: CVE-2007-6117
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6117
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

Unspecified vulnerability in the HTTP dissector for Wireshark (formerly Ethereal) 0.10.14 to 0.99.6 has unknown impact and remote attack vectors related to chunked messages.

======================================================
Name: CVE-2007-6118
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6118
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

======================================================
Name: CVE-2007-6119
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6119
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors.

======================================================
Name: CVE-2007-6120
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6120
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

======================================================
Name: CVE-2007-6121
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6121
Reference: CONFIRM:http://www.wireshark.org/security/wnpa-sec-2007-03.html
Reference: BID:26532
Reference: URL:http://www.securityfocus.com/bid/26532
Reference: FRSIRT:ADV-2007-3956
Reference: URL:http://www.frsirt.com/english/advisories/2007/3956
Reference: SECTRACK:1018988
Reference: URL:http://securitytracker.com/id?1018988
Reference: SECUNIA:27777
Reference: URL:http://secunia.com/advisories/27777

Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet.

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.