Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
24044361 by Moritz Muehlenhoff at 2018-10-11T21:03:15Z
claim all the magick
drop no-dsa entries which will be fixed in forthcoming DSA
migrate a few wireshark CVE IDs which were tracked in CVE/list to DSA/list
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5320,21 +5320,18 @@ CVE-2018-16059 (Endress+Hauser WirelessHART Fieldgate
SWG70 3.x devices allow ..
NOT-FOR-US: Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices
CVE-2018-16058 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to
2.2.16, the ...)
- wireshark 2.6.3-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c48d6a6d60c5c9111838a945966b6cb8750777be
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-44.html
CVE-2018-16057 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to
2.2.16, the ...)
- wireshark 2.6.3-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-46.html
CVE-2018-16056 (In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to
2.2.16, the ...)
- wireshark 2.6.3-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f98fbce64cb230e94a2cafc410a3cedad657b485
@@ -9546,20 +9543,17 @@ CVE-2018-14370 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0
to 2.4.7, the IEEE 802.11
CVE-2018-14369 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
- [stretch] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14869
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=038cd225bfa54e2a7ade4043118796334920a61e
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-41.html
CVE-2018-14368 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
- [stretch] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14841
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6c44312f465014eb409d766a9828b7f101f6251c
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-40.html
CVE-2018-14367 (In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP
protocol ...)
- wireshark 2.6.2-1
- [stretch] - wireshark <not-affected> (Vulnerable code not present)
[jessie] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14966
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81ce5fcb3e37a0aaeb7532f7a2a09366f16fa310
@@ -9688,7 +9682,6 @@ CVE-2018-14345 (An issue was discovered in SDDM through
0.17.0. If configured wi
NOTE:
https://github.com/sddm/sddm/commit/147cec383892d143b5e02daa70f1e7def50f5d98
CVE-2018-14344 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to
2.2.15, the ...)
- wireshark 2.6.2-1
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (Vulnerable code not present,
introduced in v1.99.1rc0-224-g6720c80bab)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14672
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f7153685b39a164aea09ba7f96ebb648b8328ae
@@ -9702,14 +9695,12 @@ CVE-2018-14343 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to
2.4.7, and 2.2.0 to 2.2.15
CVE-2018-14342 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
- [stretch] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13741
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=36af43dbb7673495948cd65d0346e8b9812b941c
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-34.html
CVE-2018-14341 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
- [stretch] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-39.html
@@ -9722,7 +9713,6 @@ CVE-2018-14340 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to
2.4.7, and 2.2.0 to 2.2.15
CVE-2018-14339 (In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to
2.2.15, the ...)
{DLA-1451-1}
- wireshark 2.6.2-1
- [stretch] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14738
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b77c0a596a8071aebc1de71e3f79e5e15e919ca
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-38.html
@@ -17282,7 +17272,6 @@ CVE-2018-11362 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and
2.2.0 to 2.2.14, the LDS
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-25.html
CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could
crash. ...)
- wireshark 2.6.1-1 (bug #900708)
- [stretch] - wireshark <ignored> (Minor issue, also wasn't backported to
older branches due to low impact)
[jessie] - wireshark <not-affected> (vulnerable code not present (TDLS
support added in version 2.1.0))
[wheezy] - wireshark <not-affected> (vulnerable code not present (TDLS
support added in version 2.1.0))
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686
@@ -17290,7 +17279,6 @@ CVE-2018-11361 (In Wireshark 2.6.0, the IEEE 802.11
protocol dissector could cra
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-32.html
CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
GSM A DTAP ...)
- wireshark 2.6.1-1 (bug #900708)
- [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
[jessie] - wireshark <not-affected> (vulnerable code not present (uses
static a_bigbuf instead))
[wheezy] - wireshark <not-affected> (vulnerable code not present (uses
static a_bigbuf instead))
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14688
@@ -17298,7 +17286,6 @@ CVE-2018-11360 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and
2.2.0 to 2.2.14, the GSM
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-30.html
CVE-2018-11359 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
RRC ...)
- wireshark 2.6.1-1 (bug #900708)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14703
@@ -17312,7 +17299,6 @@ CVE-2018-11358 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and
2.2.0 to 2.2.14, the Q.9
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-31.html
CVE-2018-11357 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
LTP ...)
- wireshark 2.6.1-1 (bug #900708)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14678
@@ -17320,7 +17306,6 @@ CVE-2018-11357 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and
2.2.0 to 2.2.14, the LTP
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-28.html
CVE-2018-11356 (In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the
DNS ...)
- wireshark 2.6.1-1 (bug #900708)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14681
@@ -22720,7 +22705,6 @@ CVE-2018-9274 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ui/failure_messa
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9273 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
- wireshark 2.4.6-1
- [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
[jessie] - wireshark <not-affected> (Vulnerable code not present)
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14488
@@ -22728,7 +22712,6 @@ CVE-2018-9273 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9272 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14487
@@ -22736,7 +22719,6 @@ CVE-2018-9272 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14486
@@ -22745,7 +22727,6 @@ CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ...)
CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c
has a ...)
{DLA-1388-1}
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14485
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0fbc50f9b9219be54d6db47f04b65af19696a7c7
@@ -22753,7 +22734,6 @@ CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, epan/oids.c has
CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
{DLA-1388-1}
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa
@@ -22761,14 +22741,12 @@ CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0
to 2.2.13, ...)
CVE-2018-9268 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
{DLA-1388-1}
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14483
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c69d710d2bf39fe633800db65efddf55701131b6
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9267 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14482
@@ -22776,7 +22754,6 @@ CVE-2018-9267 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9266 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
- wireshark 2.4.6-1
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (Vulnerable code not present)
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14481
@@ -22784,7 +22761,6 @@ CVE-2018-9266 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9265 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14480
@@ -22792,7 +22768,6 @@ CVE-2018-9265 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to
2.2.13, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB
dissector ...)
- wireshark 2.4.6-1
- [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
[jessie] - wireshark <not-affected> (Vulnerable code not present (only
adb_cs available))
[wheezy] - wireshark <not-affected> (Vulnerable code not present (only
adb_cs available))
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14460
@@ -22801,14 +22776,12 @@ CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0
to 2.2.13, the ADB dissecto
CVE-2018-9263 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos
dissector ...)
{DLA-1388-1}
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-23.html
CVE-2018-9262 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN
dissector ...)
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14469
@@ -22823,14 +22796,12 @@ CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0
to 2.2.13, the NBAP dissect
CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE
802.15.4 ...)
{DLA-1388-1}
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-17.html
CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4
dissector ...)
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
@@ -22839,14 +22810,12 @@ CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0
to 2.2.13, the MP4 dissecto
CVE-2018-9258 (In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash.
This was ...)
{DLA-1388-1}
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2d4695de1477df60b0188fd581c0c279db601978
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-21.html
CVE-2018-9257 (In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an
...)
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530
@@ -22854,7 +22823,6 @@ CVE-2018-9257 (In Wireshark 2.4.0 to 2.4.5, the CQL
dissector could go into an .
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-22.html
CVE-2018-9256 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP
dissector ...)
- wireshark 2.4.6-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467
@@ -27792,7 +27760,6 @@ CVE-2018-7422 (A Local File Inclusion vulnerability in
the Site Editor plugin th
NOT-FOR-US: Site Editor plugin for WordPress
CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP
dissector ...)
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14408
@@ -27802,7 +27769,6 @@ CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0
to 2.4.4, the DMP dissecto
CVE-2018-7420 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng
file parser ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14403
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=129e41f9f63885ad8224ef413c2860788fb9e849
@@ -27816,7 +27782,6 @@ CVE-2018-7419 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0
to 2.4.4, the NBAP dissect
CVE-2018-7418 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP
dissector ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14410
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=29d920b8309905dda11ad397596fe8aafc9b4bf7
@@ -27824,7 +27789,6 @@ CVE-2018-7418 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0
to 2.4.4, the SIGCOMP diss
CVE-2018-7417 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI
dissector ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14409
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81216a176b25dd8a616e11808a951e141a467009
@@ -28048,7 +28012,6 @@ CVE-2018-7338
CVE-2018-7337 (In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector
could crash. ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2
@@ -28056,7 +28019,6 @@ CVE-2018-7337 (In Wireshark 2.4.0 to 2.4.4, the DOCSIS
protocol dissector could
CVE-2018-7336 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP
protocol ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c
@@ -28075,7 +28037,6 @@ CVE-2018-7334 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to
2.2.12, the UMTS MAC dis
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-07.html
CVE-2018-7333 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (vulnerable code introduced later
in v1.99.7)
[wheezy] - wireshark <not-affected> (vulnerable code introduced later
in v1.99.7)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14449
@@ -28084,14 +28045,12 @@ CVE-2018-7333 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0
to 2.2.12, ...)
CVE-2018-7332 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7331 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444
@@ -28107,7 +28066,6 @@ CVE-2018-7330 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to
2.2.12, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7329 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (vulnerable code introduced later
in v1.99.0)
[wheezy] - wireshark <not-affected> (vulnerable code introduced later
in v1.99.0)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423
@@ -28131,7 +28089,6 @@ CVE-2018-7327 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to
2.2.12, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7326 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (vulnerable code introduced later
in v1.99.0)
[wheezy] - wireshark <not-affected> (vulnerable code introduced later
in v1.99.0)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14419
@@ -28139,7 +28096,6 @@ CVE-2018-7326 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to
2.2.12, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7325 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <not-affected> (vulnerable code introduced later)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414
@@ -28148,7 +28104,6 @@ CVE-2018-7325 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to
2.2.12, ...)
CVE-2018-7324 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14413
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9e7695bbee18525eaa6d12b32230313ae8a36a81
@@ -28156,7 +28111,6 @@ CVE-2018-7324 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to
2.2.12, ...)
CVE-2018-7323 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14412
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f9199ea8cff56c6704e9828c3d80360b27c4565
@@ -28165,14 +28119,12 @@ CVE-2018-7323 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0
to 2.2.12, ...)
CVE-2018-7322 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
{DLA-1353-1}
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14411
NOTE:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afc780e2c796e971bb7d164103f4f0d10d3c25b5
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7321 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
- wireshark 2.4.5-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (vulnerable code introduced later
in v1.99.6)
[wheezy] - wireshark <not-affected> (vulnerable code introduced later
in v1.99.6)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14379
@@ -28180,7 +28132,6 @@ CVE-2018-7321 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to
2.2.12, ...)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7320 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP
protocol ...)
- wireshark 2.4.5-1
- [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
[jessie] - wireshark <not-affected> (Vulnerable code introduced later)
[wheezy] - wireshark <not-affected> (Vulnerable code introduced later)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14398
@@ -38538,7 +38489,6 @@ CVE-2017-17998
RESERVED
CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a
NULL ...)
- wireshark 2.4.0-1
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2018-02.html
@@ -39229,7 +39179,6 @@ CVE-2018-3600 (A external entity processing information
disclosure (XXE) ...)
NOT-FOR-US: Trend Micro
CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in
Wireshark ...)
- wireshark 2.4.4-1 (bug #885831)
- [stretch] - wireshark <ignored> (Minor issue)
[jessie] - wireshark <ignored> (Minor issue)
[wheezy] - wireshark <ignored> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295
@@ -55593,7 +55542,6 @@ CVE-2017-15195 (In Kanboard before 1.0.47, by altering
form data, an authenticat
- kanboard <itp> (bug #790814)
CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM
dissector ...)
- wireshark 2.4.2-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056
@@ -55602,7 +55550,6 @@ CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0
to 2.2.9, the MBIM dissect
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-43.html
CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT
dissector ...)
- wireshark 2.4.2-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049
@@ -55611,7 +55558,6 @@ CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0
to 2.2.9, the BT ATT disse
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-42.html
CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to
2.0.15, the ...)
- wireshark 2.4.2-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068
@@ -55629,7 +55575,6 @@ CVE-2017-15190 (In Wireshark 2.4.0 to 2.4.1, the RTSP
dissector could crash. Thi
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-45.html
CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go
into an ...)
- wireshark 2.4.2-1 (low)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
@@ -59980,7 +59925,6 @@ CVE-2017-13768 (Null Pointer Dereference in the
IdentifyImage function in ...)
NOTE: ImageMagick-6:
https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the
MSDP ...)
- wireshark 2.4.1-1
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
@@ -59988,7 +59932,6 @@ CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and
2.0.0 to 2.0.14, the MSD
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O
dissector could ...)
- wireshark 2.4.1-1
- [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1
[jessie] - wireshark <not-affected> (Vulnerable code not present)
[wheezy] - wireshark <not-affected> (Vulnerable code not present)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
@@ -59997,7 +59940,6 @@ CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8,
the Profinet I/O dissecto
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-39.html
CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the
IrCOMM ...)
- wireshark 2.4.1-1
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929
@@ -60005,7 +59947,6 @@ CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and
2.0.0 to 2.0.14, the IrC
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html
CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a
NULL ...)
- wireshark 2.4.1-1
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925
@@ -67185,7 +67126,6 @@ CVE-2017-11411 (In Wireshark through 2.0.13 and 2.2.x
through 2.2.7, the openSAF
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML
...)
- wireshark 2.4.0-1 (bug #870180)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702
not applied)
[wheezy] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702
not applied)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796
@@ -67210,7 +67150,6 @@ CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0
to 2.0.13, the AMQP dissec
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-34.html
CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ
dissector could ...)
- wireshark 2.4.0-1 (low; bug #870172)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792
@@ -67218,7 +67157,6 @@ CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0
to 2.0.13, the MQ dissecto
NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html
CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS
dissector ...)
- wireshark 2.4.0-1 (bug #870172)
- [stretch] - wireshark <no-dsa> (Minor issue)
[jessie] - wireshark <no-dsa> (Minor issue)
[wheezy] - wireshark <no-dsa> (Minor issue)
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797
=====================================
data/DSA/list
=====================================
@@ -302,7 +302,7 @@
[jessie] - memcached 1.4.21-1.1+deb8u2
[stretch] - memcached 1.4.33-1+deb9u1
[03 Jun 2018] DSA-4217-1 wireshark - security update
- {CVE-2018-7334 CVE-2018-7335 CVE-2018-7419 CVE-2018-9261 CVE-2018-11358
CVE-2018-11362}
+ {CVE-2018-7334 CVE-2018-7335 CVE-2018-7419 CVE-2018-9261 CVE-2018-11358
CVE-2018-11362 CVE-2018-11360 CVE-2018-9273 CVE-2018-9264 CVE-2018-7320}
[jessie] - wireshark 1.12.1+g01b65bf-4+deb8u14
[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u3
[03 Jun 2018] DSA-4191-2 redmine - regression update
@@ -873,7 +873,7 @@
[jessie] - thunderbird 1:52.5.0-1~deb8u1
[stretch] - thunderbird 1:52.5.0-1~deb9u1
[09 Dec 2017] DSA-4060-1 wireshark - security update
- {CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085}
+ {CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085
CVE-2017-13766}
[jessie] - wireshark 1.12.1+g01b65bf-4+deb8u12
[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1
[08 Dec 2017] DSA-4059-1 libxcursor - security update
=====================================
data/dsa-needed.txt
=====================================
@@ -29,7 +29,9 @@ glusterfs
--
gnutls28
--
-graphicsmagick
+graphicsmagick (jmm)
+--
+imagemagick (jmm)
--
knot-resolver
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/240443618b7745e10663fbf51e8b26bb6e5e6bdb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/240443618b7745e10663fbf51e8b26bb6e5e6bdb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
