Source: wireshark
Version: 4.4.6-2
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.com/wireshark/wireshark/-/issues/20509
X-Debbugs-Cc: s, [email protected], Debian Security Team <[email protected]>
Control: fixed -1 4.4.7-0exp1

Hi,

The following vulnerability was published for wireshark.

Note, technically not necessarily RC level, but we should try to get this
fixed in trixie before the trixie release. It is already fixed in
experimental via the 4.4.7-0exp1 upload.

CVE-2025-5601[0]:
| Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to
| 4.2.12 allows denial of service via packet injection or crafted
| capture file

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-5601
    https://www.cve.org/CVERecord?id=CVE-2025-5601
[1] https://www.wireshark.org/security/wnpa-sec-2025-02.html
[2] https://gitlab.com/wireshark/wireshark/-/issues/20509

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

