Your message dated Wed, 01 Nov 2006 02:32:22 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#396258: fixed in wireshark 0.99.4-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
package: wireshark
severity: grave
tags: security
Wireshark 0.99.4 fixes the following vulnerabilities:
The HTTP dissector could crash. (Bugs 1050 and 1079)
Versions affected: 0.99.3.
CVE-2006-5468
The LDAP dissector (and possibly others) could crash. (Bug 1054)
Versions affected: 0.99.3.
CVE-2006-5740
The XOT dissector could attempt to allocate a large amount of memory
and crash. (Bug 1133)
Versions affected: 0.9.8 to 0.99.3.
CVE-2006-4805
The WBXML dissector could crash. (Bug 1134)
Versions affected: 0.10.11 to 0.99.3.
CVE-2006-5469
The MIME Multipart dissector was susceptible to an off-by-one error.
(Bug 1135)
Versions affected: 0.10.1 to 0.99.3.
CVE-2006-4574
If AirPcap support was enabled, parsing a WEP key could sometimes
cause a crash.
Versions affected: 0.99.3.
See
http://www.wireshark.org/security/wnpa-sec-2006-03.html
for details.
--- End Message ---
--- Begin Message ---
Source: wireshark
Source-Version: 0.99.4-1
We believe that the bug you reported is fixed in the latest version of
wireshark, which is due to be installed in the Debian FTP archive:
ethereal-common_0.99.4-1_amd64.deb
to pool/main/w/wireshark/ethereal-common_0.99.4-1_amd64.deb
ethereal-dev_0.99.4-1_amd64.deb
to pool/main/w/wireshark/ethereal-dev_0.99.4-1_amd64.deb
ethereal_0.99.4-1_amd64.deb
to pool/main/w/wireshark/ethereal_0.99.4-1_amd64.deb
tethereal_0.99.4-1_amd64.deb
to pool/main/w/wireshark/tethereal_0.99.4-1_amd64.deb
tshark_0.99.4-1_amd64.deb
to pool/main/w/wireshark/tshark_0.99.4-1_amd64.deb
wireshark-common_0.99.4-1_amd64.deb
to pool/main/w/wireshark/wireshark-common_0.99.4-1_amd64.deb
wireshark-dev_0.99.4-1_amd64.deb
to pool/main/w/wireshark/wireshark-dev_0.99.4-1_amd64.deb
wireshark_0.99.4-1.diff.gz
to pool/main/w/wireshark/wireshark_0.99.4-1.diff.gz
wireshark_0.99.4-1.dsc
to pool/main/w/wireshark/wireshark_0.99.4-1.dsc
wireshark_0.99.4-1_amd64.deb
to pool/main/w/wireshark/wireshark_0.99.4-1_amd64.deb
wireshark_0.99.4.orig.tar.gz
to pool/main/w/wireshark/wireshark_0.99.4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederic Peters <[EMAIL PROTECTED]> (supplier of updated wireshark package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 1 Nov 2006 10:05:05 +0100
Source: wireshark
Binary: wireshark ethereal-dev wireshark-common tshark wireshark-dev ethereal
ethereal-common tethereal
Architecture: source amd64
Version: 0.99.4-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <[EMAIL PROTECTED]>
Changed-By: Frederic Peters <[EMAIL PROTECTED]>
Description:
ethereal - dummy upgrade package for ethereal -> wireshark
ethereal-common - dummy upgrade package for ethereal -> wireshark
ethereal-dev - dummy upgrade package for ethereal -> wireshark
tethereal - dummy upgrade package for ethereal -> wireshark
tshark - network traffic analyzer (console)
wireshark - network traffic analyzer
wireshark-common - network traffic analyser (common files)
wireshark-dev - network traffic analyser (development tools)
Closes: 375022 396258
Changes:
wireshark (0.99.4-1) unstable; urgency=high
.
* Backported security patches from yet unreleased 0.99.4 (closes: #396258)
* http://www.wireshark.org/security/wnpa-sec-2006-03.html has details
* HTTP dissector could crash (CVE-2006-5468)
* LDAP dissector (and others) could crash (CVE-2006-5740)
* XOT dissector could attempt to allocate a large amount of memory and
crash (CVE-2006-4805)
* WBXML dissector could crash (CVE-2006-5469)
* MIME Multipart dissectar was susceptible to an off-by-one error
(CVE-2006-4574)
* Parsing a WEP key could cause a crash
* debian/control: disabled libcap-dev for kfreebsd and hurd
(closes: #375022)
Files:
5cbec27c77fc064236a8ecfac187c2f0 1034 net optional wireshark_0.99.4-1.dsc
2556a31d0d770dd1990bd67b98bd2f9b 13306790 net optional
wireshark_0.99.4.orig.tar.gz
f3e655ac1b1cf292f374fabce17d1446 14524 net optional wireshark_0.99.4-1.diff.gz
b707378f7de405b9a2a1e6a7f90acafe 9117990 net optional
wireshark-common_0.99.4-1_amd64.deb
0ac6f11a4618a3bf6d4ab2e8ab47f74e 607536 net optional
wireshark_0.99.4-1_amd64.deb
55218d2e10c37104482d0653c9a783a2 111680 net optional tshark_0.99.4-1_amd64.deb
7151a52c7567f9994bb1d976955e5ee2 172190 devel optional
wireshark-dev_0.99.4-1_amd64.deb
2e2901fecdc7392b241524008c608a68 22252 net optional
ethereal-common_0.99.4-1_amd64.deb
9362d78bdb14817d5498939d242b6769 21906 devel optional
ethereal-dev_0.99.4-1_amd64.deb
219475aec28d146543424fc857986c67 21890 net optional ethereal_0.99.4-1_amd64.deb
bee9da6c03f009e45c04f75d4d45a5e0 21902 net optional
tethereal_0.99.4-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFSHT1oR3LsWeD7V4RAlLRAJ4vKPLcAwELctIDUwW9WdhYMSg84QCfU23u
p2kLsy7GPt0J6HVawgzXbKE=
=dPVY
-----END PGP SIGNATURE-----
--- End Message ---
