Control: tags -1 confirmed moreninfo

On 08/03/17 09:52, Balint Reczey wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian....@packages.debian.org
> Usertags: unblock
> Tags: patch
>
> Dear Release Team,
>
> I have prepared wireshark 2.2.5+g440fd4d-1 in experimental which fixes
> 9 vulnerabilities and other bugs which are not listed here, just on
> the release notes link.
>
> Changes:
>  wireshark (2.2.5+g440fd4d-1) experimental; urgency=medium
>  .
>    * New upstream release
>      - release notes:
>        https://www.wireshark.org/docs/relnotes/wireshark-2.2.5.html
>      - security fixes:
>        - The STANAG 4607 file parser could go into an infinite loop
>          (CVE-2017-6014)
>        - The NetScaler file parser could go into an infinite loop
>          (CVE-2017-6467)
>        - The NetScaler file parser could crash (CVE-2017-6468)
>        - The LDSS dissector could crash (CVE-2017-6469)
>        - The IAX2 dissector could go into an infinite loop
>          (CVE-2017-6470)
>        - The WSP dissector could go into an infinite loop (CVE-2017-6471)
>        - The RTMTP dissector could go into an infinite loop
>          (CVE-2017-6472)
>        - The K12 file parser could crash (CVE-2017-6473)
>        - The NetScaler file parser could go into an infinite loop
>          (CVE-2017-6474)
>    * Update symbols file for libwireshark8
>
> I believe wireshark point releases very rarely cause regressions due
> to the heavy testing performed upstream and I think it would be safe
> to upload this point release to unstable and let it migrate to
> testing.
>
> If you wouldn't like to accept the full point release to Stretch I
> will happily backport the security fixes to 2.2.4 and upload that to
> unstable.

Please go ahead with 2.2.5, and remove the moreinfo tag once it is
accepted and built on all release architectures.

Cheers,
Emilio