** Changed in: wireshark (Ubuntu Edgy)
Status: Fix Committed => Fix Released
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs
wireshark (0.99.4-6ubuntu0.1) feisty-security; urgency=low
* SECURITY UPDATE: wireshark has several vulnerabilities:
(LP: #132915)
+ CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause
a denial of service (crash) via a crafted chunked encoding in an HTTP
r
These looks good. Thanks for digging out all the patches! I've
uploaded these to the security queue; they should be published shortly.
** Changed in: wireshark (Ubuntu Edgy)
Status: In Progress => Fix Committed
** Changed in: wireshark (Ubuntu Feisty)
Status: In Progress => Fix Co
** Attachment added: "edgy debdiff with all CVEs fixed"
http://launchpadlibrarian.net/10455970/wireshark_0.99.3a-1ubuntu1.1.debdiff
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Edgy is still affected by:
CVE-2007-0456
CVE-2007-0457
CVE-2007-0458
CVE-2007-0459
which will be fixed by the new debdiff of edgy...
Those CVEs are mentioned as well in #86908
\sh
** Attachment removed: "edgy debdiff to fix all cve issues"
http://launchpadlibrarian.net/10440005/wireshark_0.9
Hi,
no CVE-2007-3391 doesn't affect 0.99.4 and 0.99.3a in feisty and edgy.
The fix is only valid for 0.99.5 which isn't in gutsy, feisty, edgy.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0456
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-0457
\sh, there are another 4 CVEs affecting Edgy on bug #86908.
Additionally, I believe that CVE-2007-3391 affects Edgy and Feisty.
ubuntu-cve confirms that that is all of them.
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notificati
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-3391
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing
Well, this is only one of them.
here is the complete list with fixes...I'm preparing some debdiffs from dapper
to feisty. gutsy is clean.
* SECURITY UPDATE: wireshark has several vulnerabilities:
+ CVE-2007-3389: Wireshark before 0.99.6 allows remote attackers to cause
a denial
** Attachment added: "edgy debdiff to fix all cve issues"
http://launchpadlibrarian.net/10440005/wireshark_0.99.3a-1ubuntu1.1.debdiff
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubunt
** Attachment removed: "feisty debdiff with all CVE fixes"
http://launchpadlibrarian.net/10438500/wireshark_0.99.4-6ubuntu0.1.debdiff
** Attachment added: "feisty debdiff with all CVE fixes"
http://launchpadlibrarian.net/10439578/wireshark_0.99.4-6ubuntu0.1.debdiff
** CVE added: http://www.c
for edgy all CVEs from 0.99.5 downto 0.99.4 are valid and additionally the
following:
CVE-2006-4805
CVE-2006-4574
CVE-2006-5469
CVE-2006-5740
CVE-2006-5468
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because y
in dapper wireshark was still named ethereal
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.
** Attachment added: "feisty debdiff with all CVE fixes"
http://launchpadlibrarian.net/10438500/wireshark_0.99.4-6ubuntu0.1.debdiff
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Found another CVE hanging:
CVE-2007-4721:
Integer signedness error in the DNP3 dissector in
Wireshark 0.99.5 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a certain DNP3 packet.
The fix is quite easy, reading the explanation on
http://archives.neohapsis.com
** Changed in: wireshark (Ubuntu)
Importance: Undecided => High
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubu
Fixed in Gutsy/Hardy by the autosync.
** Changed in: wireshark (Ubuntu Edgy)
Importance: Undecided => High
Assignee: (unassigned) => Stephan Hermann (shermann)
Status: New => In Progress
** Changed in: wireshark (Ubuntu Feisty)
Importance: Undecided => High
Assignee: (unass
** Attachment added: "feisty debdiff to fix all CVEs"
http://launchpadlibrarian.net/10403760/wireshark_0.99.4-6ubuntu0.1.debdiff
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bug
** Changed in: wireshark (Ubuntu)
Sourcepackagename: None => wireshark
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
** Visibility changed to: Public
--
WireShark versions prior to 0.99.6 vulnerability
https://bugs.launchpad.net/bugs/132915
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://
20 matches
Mail list logo
