Bug#711918: marked as done (wireshark: Multiple vulnerabilities in wireshark dissectors)

[Debian Bug Tracking System]

Your message dated Sun, 23 Jun 2013 13:00:38 +0000
with message-id <e1uqjui-0001v4...@franck.debian.org>
and subject line Bug#711918: fixed in wireshark 1.10.0-1
has caused the Debian Bug report #711918,
regarding wireshark: Multiple vulnerabilities in wireshark dissectors
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
711918: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711918
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: wireshark
Severity: serious

Hi,

multiple vulnerabilities were found in various wireshark detectors:

CVE-2013-4074 wireshark: DoS (crash) in the CAPWAP dissector
CVE-2013-4075 wireshark: DoS (crash) in the GMR-1 BCCH dissector
CVE-2013-4076 wireshark: Invalid free in the PPP dissector
CVE-2013-4077 wireshark: Array index error in the NBAP dissector
CVE-2013-4078 wireshark: DoS (infinite loop) in the RDP dissector
CVE-2013-4079 wireshark: DoS (infinite loop, application hang) in the GSM CBCH 
dissector
CVE-2013-4080 wireshark: DoS (infinite loop, CPU & memory consumption) in the 
Assa Abloy R3 dissector 
CVE-2013-4081 wireshark: DoS (infinite loop) in the HTTP dissector
CVE-2013-4082 wireshark: Heap-based buffer overflow in the Ixia
IxVeriWave file parser

More information can be found on the 1.8.8 and 1.6.16 release notes.

Regards,
-- 
Yves-Alexis

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.9-1-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: wireshark
Source-Version: 1.10.0-1

We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Balint Reczey <bal...@balintreczey.hu> (supplier of updated wireshark package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 12 Jun 2013 20:17:11 -0600
Source: wireshark
Binary: wireshark-common wireshark tshark wireshark-dev wireshark-dbg 
wireshark-doc libwireshark3 libwsutil3 libwsutil-dev libwireshark-data 
libwireshark-dev libwiretap3 libwiretap-dev
Architecture: source amd64 all
Version: 1.10.0-1
Distribution: experimental
Urgency: high
Maintainer: Balint Reczey <bal...@balintreczey.hu>
Changed-By: Balint Reczey <bal...@balintreczey.hu>
Description: 
 libwireshark-data - network packet dissection library -- data files
 libwireshark-dev - network packet dissection library -- development files
 libwireshark3 - network packet dissection library -- shared library
 libwiretap-dev - network packet capture library -- development files
 libwiretap3 - network packet capture library -- shared library
 libwsutil-dev - network packet dissection utilities library -- shared library
 libwsutil3 - network packet dissection utilities library -- shared library
 tshark     - network traffic analyzer - console version
 wireshark  - network traffic analyzer - GTK+ version
 wireshark-common - network traffic analyzer - common files
 wireshark-dbg - network traffic analyzer - debug symbols
 wireshark-dev - network traffic analyzer - development tools
 wireshark-doc - network traffic analyzer - documentation
Closes: 711918
Changes: 
 wireshark (1.10.0-1) unstable; urgency=high
 .
   * New upstream release 1.10.0
     - release notes:
       https://wireshark.org/docs/relnotes/wireshark-1.10.0.html
     - security fixes (compared to 1.8.7-1) (Closes: #711918):
       - The CAPWAP dissector could crash. Discovered by Laurent Butti.
         (CVE-2013-4074)
       - The GMR-1 BCCH dissector could crash.
         Discovered by Sylvain Munaut and Laurent Butti. (CVE-2013-4075)
       - The PPP dissector could crash. Discovered by Laurent Butti.
         (CVE-2013-4076)
       - The NBAP dissector could crash. (CVE-2013-4077)
       - The RDP dissector could crash. Discovered by Laurent Butti.
         (CVE-2013-4078)
       - The GSM CBCH dissector could crash. Discovered by Laurent Butti.
         (CVE-2013-4079)
       - The HTTP dissector could overrun the stack. (CVE-2013-4081)
       - The Ixia IxVeriWave file parser could overflow the heap.
         Discovered by Sachin Shinde. (CVE-2013-4082)
       - The DCP ETSI dissector could crash. (CVE-2013-4083)
   * 07_library-versions.patch: adjust only CMake built libraries
Checksums-Sha1: 
 4e1122e5ee9b0a208a8471219482d308e45df8cb 2934 wireshark_1.10.0-1.dsc
 c78a5d5e589edc8ebc702eb00a284ccbca7721bc 27101631 wireshark_1.10.0.orig.tar.bz2
 a9f243dc0ec1395d7787174724bdab26153c517a 54090 wireshark_1.10.0-1.debian.tar.gz
 eddaeea34d5d4b67274988f6c26d1c2aa41f5595 706266 
wireshark-common_1.10.0-1_amd64.deb
 83465c75fc11760e145c066951bce5912fc771dc 1489832 wireshark_1.10.0-1_amd64.deb
 ae8e0d3392ffd4c838e059f6ef7547f5bf11c574 654752 tshark_1.10.0-1_amd64.deb
 ac90cb0ceedd3ad9d04ee097654df5b8f1b5a15b 654560 
wireshark-dev_1.10.0-1_amd64.deb
 e4758de2695471c7d29a6c3c9374b505822828ba 29201350 
wireshark-dbg_1.10.0-1_amd64.deb
 ca5456203438045b9971c76be45f0045b5be1a43 4328100 wireshark-doc_1.10.0-1_all.deb
 3316469601e2e948b2a22271bd37fffa63bf4113 15048306 
libwireshark3_1.10.0-1_amd64.deb
 f050b908c1b4a54bc9a4fc55ef9476c482707084 529170 libwsutil3_1.10.0-1_amd64.deb
 5a6c18be10390a1d060263306efc3337cf69268f 528424 
libwsutil-dev_1.10.0-1_amd64.deb
 d93d2b5a11a8eb00420a1db47453d91fe93f764c 1752288 
libwireshark-data_1.10.0-1_all.deb
 24ac3192429c8093fca71431705ac6bd953351e1 1406188 
libwireshark-dev_1.10.0-1_amd64.deb
 f6fbc41462ffc08985ac51bcf336c642fd72c94a 669452 libwiretap3_1.10.0-1_amd64.deb
 14b5586f1ce478516eff485caca0e5762dd30a72 548042 
libwiretap-dev_1.10.0-1_amd64.deb
Checksums-Sha256: 
 dd28eb42a151e6c59afdcd8fa824afb408897897a26b1b3ee000549bdcd63460 2934 
wireshark_1.10.0-1.dsc
 1f4b377ba6284a51797bcc437aa2918bfaeb5d30908cd6194bd09f7054c65add 27101631 
wireshark_1.10.0.orig.tar.bz2
 5d738dc1692f0d696325c4d3b11d22a443619a87aaead3d82adf59cff522032c 54090 
wireshark_1.10.0-1.debian.tar.gz
 a0e5f34389f7e0577f6e1956bbfffb94b90b2d5bd9705f9733771f71cc670553 706266 
wireshark-common_1.10.0-1_amd64.deb
 ff6684f5f2153aa40762298408acd812000872b7949e2fa87ff4a37271e09a6f 1489832 
wireshark_1.10.0-1_amd64.deb
 573824c1d27035bc0cb6108ba30fb0da9c5b2124136c559a1d11c5e16b1b73b5 654752 
tshark_1.10.0-1_amd64.deb
 cf515d3005fcafa3dfb9ec3e91225c26de33bd363d5ffd057fda46a25d98a620 654560 
wireshark-dev_1.10.0-1_amd64.deb
 42718c0acefa2acb8722594201b8097d1fc8ae74cb83e7dc7862977834661f43 29201350 
wireshark-dbg_1.10.0-1_amd64.deb
 63f960aa41112ad4612188f1719aa06a39a71a2c9ded8b37225860e1c04f4034 4328100 
wireshark-doc_1.10.0-1_all.deb
 571bc132d827431f2df4183c55cddf5dfd00b82bd80f3ff5bb19dae6e1a32585 15048306 
libwireshark3_1.10.0-1_amd64.deb
 adde87de047bf19dff45aa6cace57e2ee2ff247d93c4fe79fb38477047b8b0c6 529170 
libwsutil3_1.10.0-1_amd64.deb
 8ef45974e5a4717625bfd97a7e8e865c248b034de4b85454e1bc392d8f943fbe 528424 
libwsutil-dev_1.10.0-1_amd64.deb
 bc2528ddc177a9ae433a94e289747bb31228c25f2839388ea4539fdb26934a3c 1752288 
libwireshark-data_1.10.0-1_all.deb
 7ade2628bf5f5b3f13bb017a7323589a12e3807ca5955898c0c3f1cc18a50214 1406188 
libwireshark-dev_1.10.0-1_amd64.deb
 c35085c0f9e9b5e320bdb0cba71e667cdb8f3e1fdc1fbe7a56435c2889e0fb60 669452 
libwiretap3_1.10.0-1_amd64.deb
 4e8aef97b0aade56566ef1fdbb1b2f9e73b70080303b6eed0d776496b6e1839c 548042 
libwiretap-dev_1.10.0-1_amd64.deb
Files: 
 9603be17195eae66e6babe138161cabb 2934 net optional wireshark_1.10.0-1.dsc
 72e51cd33fd33c7044a41c2ab51ad7af 27101631 net optional 
wireshark_1.10.0.orig.tar.bz2
 cbb5c3c5f98b5bd1a240b32c8f449924 54090 net optional 
wireshark_1.10.0-1.debian.tar.gz
 90c9d35715492723d6d6b90892dba0c7 706266 net optional 
wireshark-common_1.10.0-1_amd64.deb
 7e15df3a86744983440a106ed5f5c3f3 1489832 net optional 
wireshark_1.10.0-1_amd64.deb
 b848d727548fd314a56a82109f56953a 654752 net optional tshark_1.10.0-1_amd64.deb
 6bd8c68694ca18c6d442240aa046d1ec 654560 devel optional 
wireshark-dev_1.10.0-1_amd64.deb
 4a83c17a3d80d060e3560fe25642e289 29201350 debug extra 
wireshark-dbg_1.10.0-1_amd64.deb
 828f1bb9b1375043dda73dc5fcc067f7 4328100 doc extra 
wireshark-doc_1.10.0-1_all.deb
 f375205e1a1f39e8b8570316f4b8a3f4 15048306 libs optional 
libwireshark3_1.10.0-1_amd64.deb
 c7c4ff78dfb196140128efccb3b084b2 529170 libs optional 
libwsutil3_1.10.0-1_amd64.deb
 6eda0403a81bb06f2a0571970c15d84d 528424 libdevel optional 
libwsutil-dev_1.10.0-1_amd64.deb
 bf0970debfbf3dd83eb4f10e0d785698 1752288 libs optional 
libwireshark-data_1.10.0-1_all.deb
 b006beebc0b8833157d9329b2bcd5c1f 1406188 libdevel optional 
libwireshark-dev_1.10.0-1_amd64.deb
 74f76735ae8f84fc6dc7113668ffeb78 669452 libs optional 
libwiretap3_1.10.0-1_amd64.deb
 7a80734ace74fb1a3801b6c4790900e1 548042 libdevel optional 
libwiretap-dev_1.10.0-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRumjhAAoJEPZk0la0aRp9n0kQALB2zYxmRNK+vDSNNHmjNGwd
WEG4ze7wGKhaIDxijsGb9Jvcpn+L1k5bp2FbhF4A6tAwsiKqhTT9PLHsABFxqA7g
TaDrluyjzNaYExBZEc61HrgC19wRjRUgyPXBE1GlgQFSRnA5GSsHxZrZqjgeUQ+w
pfameqqo6RWmZCdPFY67Lg6QZWM4jCTOFLTIr86Lom1E4Mi8TBRfAofJJXoqWzKn
OLLqoshu/7UtYNcg1zvPe5hecQ+Bk8D7tkix/qN5bgqT31mCcz93wOZ5s+/BIO7B
Fe4L328qAgxdLndElXZ9EZvSX07W2V2opNB4TP3uWtRzFE285macuFayyQS2Rf22
vT7qQxU6s/lVbhMJhXV+dAaoD3gshWO9RWxwEXEOlAJFYvvhQnm9sShJyQj2FTiW
s1RIYRSq+/UZigtmxwgPb992g1ZOt3tQ8nIszqqlF1TfFamhMkff6/skXs6LjpGw
qijLdRDeLe6LvjVaWdGgPbUtJN5rVchxTTxPs34hAYPjugNjOqxK1becQZG+CGR0
2ExPL+CRu8prD+SugU4cj8eFKkPdXzVhIBrlTeJUJWQ1qBwIO88sBrIv2VwdZNLe
NTibR+iZE+XcST+AOWk56/EvIP2J/t8e27Ha53EPEPa8bqcYXhqxnV9ogPFOdOxF
y2bHihmxLwPagpIHMwso
=TamY
-----END PGP SIGNATURE-----

--- End Message ---