Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Tags: patch

Dear Release Team,

I have prepared wireshark 2.2.5+g440fd4d-1 in experimental which fixes 9 vulnerabilities and other bugs which are not listed here, just on the release notes link.

Changes:
 wireshark (2.2.5+g440fd4d-1) experimental; urgency=medium
 .
   * New upstream release
     - release notes:
       https://www.wireshark.org/docs/relnotes/wireshark-2.2.5.html
     - security fixes:
       - The STANAG 4607 file parser could go into an infinite loop (CVE-2017-6014)
       - The NetScaler file parser could go into an infinite loop (CVE-2017-6467)
       - The NetScaler file parser could crash (CVE-2017-6468)
       - The LDSS dissector could crash (CVE-2017-6469)
       - The IAX2 dissector could go into an infinite loop (CVE-2017-6470)
       - The WSP dissector could go into an infinite loop (CVE-2017-6471)
       - The RTMTP dissector could go into an infinite loop (CVE-2017-6472)
       - The K12 file parser could crash (CVE-2017-6473)
       - The NetScaler file parser could go into an infinite loop (CVE-2017-6474)
   * Update symbols file for libwireshark8

I believe wireshark point releases very rarely cause regressions due to the heavy testing performed upstream and I think it would be safe to upload this point release to unstable and let it migrate to testing.

If you wouldn't like to accept the full point release to Stretch I will happily backport the security fixes to 2.2.4 and upload that to unstable.

Please find the patch in the following link because it was too big for inclusion in the email:
https://people.debian.org/~rbalint/wireshark_2.2.5+g440fd4d-1.patch

Please share your preference regarding the next upload.

Cheers,
Balint

unblock wireshark/2.2.5+g440fd4d-2