Hi Jochen, On Fri, Jan 30, 2026 at 10:52:52AM +0100, Jochen Sprickerhof wrote: > * Moritz Mühlenhoff <[email protected]> [2026-01-30 09:27]: > > On Fri, Jan 23, 2026 at 12:49:33PM -0300, Matheus Polkorny wrote: > > > On Wed, Jan 21, 2026 at 09:46:11PM -0300, Matheus Polkorny wrote: > > > > Hello, > > > > > > > > I will prepare an upload of Wireshark for trixie > > > > > > Hi, > > > > > > I’ve imported the upstream patches to fix CVE-2026-0959, > > > CVE-2026-0961, and CVE-2026-0962 for trixie. > > > > > > The wireshark.debdiff is attached for review. If this looks good to you, > > > Samuel can proceed with the upload. > > > > > > The merge request is available at: > > > https://salsa.debian.org/debian/wireshark/-/merge_requests/6 > > Ah, missed that. > > > For Wireshark we had moved to a setup where we are following > > the upstream LTS releases for as along as they are supported, > > so we should rebase to 4.4.13 instead. > > @Matheus please tell me if you need help with that. > > > For CVE-2026-0962 we still need to figure out if bookworm is affected, > > the rest of the latest batches don't affect 4.0 > > Good point, looks like it is not. The bug was introduced in > ca941e3881fc85e032159d004b8bdb499b590ad3 "SOME/IP-SD: improve Entry/Option > handling and port registering" which is not part of the 4.0 branch.
We need still confirmation for that, see question on https://salsa.debian.org/security-tracker-team/security-tracker/-/merge_requests/259 . I sthis confirmed that this is the introductory commit for the vulnerability? Regards, Salvatore
