Your message dated Sun, 23 Jun 2013 13:00:38 +0000
with message-id <e1uqjui-0001v4...@franck.debian.org>
and subject line Bug#711918: fixed in wireshark 1.10.0-1
has caused the Debian Bug report #711918,
regarding wireshark: Multiple vulnerabilities in wireshark dissectors
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
711918: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711918
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: wireshark
Severity: serious
Hi,
multiple vulnerabilities were found in various wireshark dissectors:
CVE-2013-4074 wireshark: DoS (crash) in the CAPWAP dissector
CVE-2013-4075 wireshark: DoS (crash) in the GMR-1 BCCH dissector
CVE-2013-4076 wireshark: Invalid free in the PPP dissector
CVE-2013-4077 wireshark: Array index error in the NBAP dissector
CVE-2013-4078 wireshark: DoS (infinite loop) in the RDP dissector
CVE-2013-4079 wireshark: DoS (infinite loop, application hang) in the GSM CBCH dissector
CVE-2013-4080 wireshark: DoS (infinite loop, CPU & memory consumption) in the Assa Abloy R3 dissector
CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector
CVE-2013-4082 wireshark: Heap-based buffer overflow in the Ixia IxVeriWave file parser
More information can be found in the 1.8.8 and 1.6.16 release notes.
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 1.10.0-1
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 711...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Balint Reczey <bal...@balintreczey.hu> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 12 Jun 2013 20:17:11 -0600
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg
wireshark-doc libwireshark3 libwsutil3 libwsutil-dev libwireshark-data
libwireshark-dev libwiretap3 libwiretap-dev
Architecture: source amd64 all
Version: 1.10.0-1
Distribution: experimental
Urgency: high
Maintainer: Balint Reczey <bal...@balintreczey.hu>
Changed-By: Balint Reczey <bal...@balintreczey.hu>
Description:
libwireshark-data - network packet dissection library -- data files
libwireshark-dev - network packet dissection library -- development files
libwireshark3 - network packet dissection library -- shared library
libwiretap-dev - network packet capture library -- development files
libwiretap3 - network packet capture library -- shared library
libwsutil-dev - network packet dissection utilities library -- shared library
libwsutil3 - network packet dissection utilities library -- shared library
tshark - network traffic analyzer - console version
wireshark - network traffic analyzer - GTK+ version
wireshark-common - network traffic analyzer - common files
wireshark-dbg - network traffic analyzer - debug symbols
wireshark-dev - network traffic analyzer - development tools
wireshark-doc - network traffic analyzer - documentation
Closes: 711918
Changes:
 wireshark (1.10.0-1) unstable; urgency=high
 .
   * New upstream release 1.10.0
     - release notes:
       https://wireshark.org/docs/relnotes/wireshark-1.10.0.html
     - security fixes (compared to 1.8.7-1) (Closes: #711918):
       - The CAPWAP dissector could crash. Discovered by Laurent Butti.
         (CVE-2013-4074)
       - The GMR-1 BCCH dissector could crash.
         Discovered by Sylvain Munaut and Laurent Butti. (CVE-2013-4075)
       - The PPP dissector could crash. Discovered by Laurent Butti.
         (CVE-2013-4076)
       - The NBAP dissector could crash. (CVE-2013-4077)
       - The RDP dissector could crash. Discovered by Laurent Butti.
         (CVE-2013-4078)
       - The GSM CBCH dissector could crash. Discovered by Laurent Butti.
         (CVE-2013-4079)
       - The HTTP dissector could overrun the stack. (CVE-2013-4081)
       - The Ixia IxVeriWave file parser could overflow the heap.
         Discovered by Sachin Shinde. (CVE-2013-4082)
       - The DCP ETSI dissector could crash. (CVE-2013-4083)
   * 07_library-versions.patch: adjust only CMake built libraries
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---